Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Driver Signing procedure

ramchandra24ramchandra24 Member Posts: 11

I need to sign my KMDF driver on Visual Studio. I have bought a EV Certificate from Sectigo. What is the right way to import it on Visual Studio 2017?

Comments

  • Martin_DrábMartin_Dráb Member - All Emails Posts: 81

    I need to sign my KMDF driver on Visual Studio. I have bought a EV Certificate from Sectigo. What is the right way to import it on Visual Studio 2017?

    Since Visual Studio 2017 does not support double signing (I think) you may want to use the SignTool utility from the WDK (to attach sha1 and sha256 signature). Otherwise, your driver might not work on older versions of Windows (well, they probably are out of support now).

    I cannot elaborate on the Attestation signing process since I own only an OV certificate (which is good enough if you do not intend to support machines with Secure Boot enabled). There should be, however, plenty of topics related to driver signing, so the Search bar is your friend.

    Martin Dráb

  • Jon_K.Jon_K. Member Posts: 6
    edited June 2019

    Same as above, I don't know if you can "import" the cert into VS. You could probably write a post build event to automate the process though. Here are some pointers:

    1.) You should have safenet installed

    2.) First step: sign the binary. Your ccert (if in the form of a USB key) should be plugged in. cmd:
    signtool sign /v /sha1 <the sha1 of your cert> /t http://timestamp.digicert.com <your binary>.sys
    safenet should open and promt for your password

    3.) Run inf2cat. cmd:
    inf2cat" /driver:_<directory containing your binary and inf>_ /os:10_X64,6_3_X64

    4.) Sign the cat. cmd:
    signtool sign /v /sha1 <sha1 of your cert> /t http://timestamp.digicert.com <your binary>_cat

    At this point you should either submit for attestation signing OR rung HLK then submit for signing. Searching on the commands above should easily lead to further documentation. Hope this helps!

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA