Automating Attestation Signing

OSR_Community_User · August 24, 2017, 5:28pm

Hello Sirs.,

Some months ago someone wrote here having a partially working attestation signing automation. Researching the topic I’ve found Microsoft claiming that the REST APIs would not be available anymore after October/2016.

Does anyone have or know about any solution or the API’s working status?
My goal is to include our driver’s production signing into our pipeline.

Thanks!

Eric_Berge · August 25, 2017, 10:15am

If that is the same note I saw, they also left the door open for providing the REST API in the future on the new signing portal but there was no commitment or time frame specified.

I filed a support request that this be brought back for the new portal with an API as similar as possible to the old API as I had mostly implemented that with some python scripts. However I have not received a reply from Microsoft.

I would recommend adding your voice through whatever channels you have open to Microsoft to request that they provide this as soon as possible as the ability to automate build/signing processes is very necessary. I believe Microsoft understands this to a degree as I suspect it was one of the key issues that caused them to back off from the requirement that drivers by signed directly with an EV Certificate for Windows 10.

Eric Berge

OSR_Community_User · August 25, 2017, 2:08pm

Hi Eric,
I’ll ask that through the portal feedback form.
Thanks for sharing.

Peter_Viscarola_OSR · August 30, 2017, 11:06am

If anybody hears anything about this, please post back here.

Peter
OSR
@OSRDrivers

Frank_Hoffmann · April 17, 2019, 12:37pm

There is now an official REST API from Microsoft for signing drivers and other dashboard features like managing shipping labels. The API ist documented here: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/dashboard-api
There is also a Microsoft sample in C# how to use this API. I’ve also tested it with a python script I wrote. The signing works and can now be completely automated.

Jason_T · April 18, 2019, 4:21pm

Thanks for posting that Frank!

I wish they’d add an architecture selection box to the web UI as well - to pick all x86, x64 or ARM SKUs. The way the various versions are laid out, it’s way too easy to miss one version of x64, for example, since some are in the left column, some in the right, and the list is always changing/growing. This alone would be a good reason to build a simple app to automate the process.

Peter_Viscarola_OSR · April 18, 2019, 4:28pm

Yes, Mr. Hoffmann… thank you indeed.

While I would ordinarily chide you for a necropost, this one was indeed very useful. As soon as I read your post, I sent an email to my team members saying “We should do this”

Peter
(Still, you know, it WAS a necropost)

Dejan_Maksimovic · April 18, 2019, 5:15pm

If anyone does a C/C++ port for the API, it would be nice.
I will be working on a Delphi, as soon as time permits.