Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


How to get KMDF driver digital signature for release package (without test mode)

MohanMohan Member Posts: 7

Hi,

I have developed KMDF driver for ISA card in windows 10 IOT. The driver is working fine, I have tested the driver with 'test mode' (enable kernel test mode - bcdedit /set testsigning on). Now I have to release the driver package to client, so it should work with normal mode (without test mode). If I disable test mode and install the driver, it shows "Windows cannot verify the digital signature for the drivers required for this device. in device manager and driver is not working properly.

I have read a lot about getting digital signature, still it is confusing. My driver is not a universal, I will not release to public, It belongs to specific embedded HW.
1. Is it necessary to getting driver signature from Microsoft?
2. Shall we skip this by any legal ways?
3. If not, Please guide me to get a release signature.

Thanks in advance
Mohan.

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,405

    If you can figure out a way to do the signing yourself, now that Microsoft has torn down the cross certificates, and if your clients are willing to run with "Secure Boot" turned off in the BIOS, then you shouldn't need the signature. At least, I THINK this was true. It certainly was in the early years of Windows 10.

    However, it's not all that painful to get a Hardware Dashboard account and submit your driver for attestation signing.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 9,044
    1. Is it necessary to getting driver signature from Microsoft?

    Yes.

    1. Shall we skip this by any legal ways?

    No.

    1. If not, Please guide me to get a release signature.

    You want to use “Attestation Signing”… see https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-attestation.

    Peter Viscarola
    OSR
    @OSRDrivers

  • MohanMohan Member Posts: 7

    Thanks for the replay!!

    My client is willing to work in 'test mode', but they want to know whether it will create any potential issues while running the system long time in test mode?

    If it will create anu issues, we need to go for driver signature. For that how much time & cost needed that information I can't see anywhere.
    Please help me on this time & cost details.

    Thanks,
    Mohan.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 9,044

    Your client does not want to run their system(s) in test mode. This is a security vulnerability.

    Read what I already wrote: You want to use attestation signing. The time and cost depend on you.

    Peter Viscarola
    OSR
    @OSRDrivers

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Writing WDF Drivers TBD 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online