Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Testing usb filter driver using Windows HLK

ksupallksupall Member Posts: 7

Good afternoon!
I am currently developing a usb driver for filtering connected devices.
One of the steps to include it in software is to sign the Microsoft driver. As far as I understand, it is necessary to pass a list of HLK tests. How to find out which list of tests you need to pass in order to narrow down the number of tests, since they take a lot of time?

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,158

    The HLK will automatically choose the tests for you.

    BUT... You can Attestation Sign your driver for Windows 10 ... without having to run or pass the HLKs. And, as of today, you can cross-sign your drivers to load on Win 7, 8 and 8.1 ... again, without having to run or pass the HLKs.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • ksupallksupall Member Posts: 7

    @Peter_Viscarola_(OSR) said:
    The HLK will automatically choose the tests for you.

    BUT... You can Attestation Sign your driver for Windows 10 ... without having to run or pass the HLKs. And, as of today, you can cross-sign your drivers to load on Win 7, 8 and 8.1 ... again, without having to run or pass the HLKs.

    Peter

    How can HLK choose tests automatically? Now I have to put ticks by myself.

  • ksupallksupall Member Posts: 7

    I tried to submit driver (.hlkx file) but I got an error message when I upload it to Microsoft Dev Center (https://partner.microsoft.com/ru-ru/dashboard/hardware/driver/New)
    Error message: " The file you selected is not a valid format for submission. Verify your selection and, if needed, recreate your submission package and try again."

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    How can HLK choose tests automatically?

    HLK usually uses the INF file to do this. If you are filtering every kind of USB device, then it's not clear to me how you would use HLK. As I've said before, HLK tests devices, not drivers. If you are a filter above the hub, I suppose you could aim HLK at your host controller.

    " The file you selected is not a valid format for submission..."

    Well, what kind of file did you submit? You need to submit a signed cabinet file, with your driver package in a subdirectory, as described in the documentation.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,158

    @ksupall .... or don't run the HLKs at all. And sign your driver by doing what I suggested earlier.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • ksupallksupall Member Posts: 7

    @Peter_Viscarola_(OSR) said:
    @ksupall .... or don't run the HLKs at all. And sign your driver by doing what I suggested earlier.

    Peter

    Sorry, but I misunderstand something... Let me please describe you my situation:
    I have to sign my driver that filters usb devices (all devices).
    I have directory, where I have .cer, .pdb, .sys and .inf files for this driver. In this directory I mentioned I also have another directory which contains .cat, .sys, .cer and .inf files. (I guess they are the same as in previous direcotory) So I adjusted Testing System and Testing Server (HLK Controller and HLK Client). So I would like to know particular steps that I have to do. So how can I use INF file? What tests should I run? Do I have to install my driver to the Client?

  • ksupallksupall Member Posts: 7

    @Tim_Roberts said:

    How can HLK choose tests automatically?

    HLK usually uses the INF file to do this. If you are filtering every kind of USB device, then it's not clear to me how you would use HLK. As I've said before, HLK tests devices, not drivers. If you are a filter above the hub, I suppose you could aim HLK at your host controller.

    Well, what kind of file did you submit? You need to submit a signed cabinet file, with your driver package in a subdirectory, as described in the documentation.

    Could you please give me a link to the documentation, I used only windows documentation to adjust HLK Client and HLK Controller. You can see my comment higher, so maybe you can help me to realize how to do this.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    Have you tried to submit for an attestation signature?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • ksupallksupall Member Posts: 7

    @Tim_Roberts said:
    Have you tried to submit for an attestation signature?

    Do you mean Ev certificate?
    I have GlobalSign one ev-certificate, but I have no ideas how to use it.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    No. Let's go over it all again. There are THREE mechanisms for getting a driver package signed.

    1. Sign the package with your own certificate and a Microsoft cross-certificate.

    2. Do full WHQL testing and submit your package through the dashboard.

    3. Submit your package for attestation signing through the dashboard.

    Option 2 has worked forever, and continues to work today.

    Option 1 was the traditional mechanism for releasing drivers. This method does not require an EV certificate, but does require you to use a CA for which a Microsoft cross-certificate is available. This method continues to work in Windows 10, but only if the system does not have "Secure Boot" enabled in the BIOS. Option 1 is the one Microsoft intends to disable in July.

    Option 3 is new with Windows 10. You submit the driver package through the same dashboard you use for WHQL, but on a different page. No WHQL testing is required, but you do "attest" to the fact (cross your heart and hope to die) that you have done enough testing to ensure the driver isn't schlock. The driver package and binaries you get back are signed by Microsoft, but the CAT file is only valid on Windows 10.

    Options 2 and 3 require you to have a Microsoft Hardware Dashboard account. Establishing such an account requires an EV certificate, and the cabinet files you submit must be signed with a certificate registered with that account.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    I have directory, where I have .cer, .pdb, .sys and .inf files for this driver. In this directory I mentioned I also have another directory which contains .cat, .sys, .cer and .inf files.

    Note that "the driver package" consist of the .inf, the .sys, and the .cat. The others are just build by-products.

    (I guess they are the same as in previous direcotory)

    You guess??? You damned well better be sure. If you're not sure where the files in your build tree are coming from, then you need to find out.

    Do I have to install my driver to the Client?

    Yes. How else can it test the devices?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • ksupallksupall Member Posts: 7

    @Tim_Roberts said:
    Option 1 is the one Microsoft intends to disable in July.

    Thank you so much! Now it's more clear! Tell me please, can I use Option 1 now? I mean Microsoft intends to disable it in July new year? Or has already disabled?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    It still works for now, but they have announced plans to kill that option in July 2021.

    It's a good option for internal use, but it's not practical for public distribution because the user had to disable "Secure Boot", and corporate IT departments don't allow that.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE