I'm trying to wrap my mind around the current driver signing situation for Windows 7 and Windows 10.
We have some non-PnP software-only drivers which, if I understand correctly, can only be signed through a "trick" in the attestation signing procedure for Windows 10.
( https://social.msdn.microsoft.com/Forums/sqlserver/en-US/b84d0bdc-f661-4ead-b16c-6521093e044a/win-102016-driver-signing-of-nonpnp-software-only-drivers?forum=wdk )
Does this procedure make them valid for each version of Windows 10 (including the pre-1607 versions)?
However, it doesn't make a valid signed driver for Windows 7, so we need to sign it differently for those systems.
There are two flavours for Windows 7: before and after the SHA-256 update.
Before the SHA-256 update, SHA-256 signed drivers will show an error on Windows 7, and from what I read from the current Microsoft documentation, SHA-1 signed drivers will throw a warning (but currently still install) on an updated SHA-256 Windows 7 machine (but I guess at some point in the future they might not be allowed at all).
( https://knowledge.digicert.com/solution/SO27330.html )
Will it be possible to use dual signing to have a single driver file be installed on all versions of Windows 7?
( https://knowledge.digicert.com/generalinformation/INFO2274.html )
Is it possible to sign a single driver for all these three combinations? (attestation (w10) and dual signed (w7))
From what I make out from this comment, it seems doable (since we don't have .inf files for these drivers):
"The binary files in your package come back with Microsoft's signature added to whatever signature was there before. So, the driver binary will work on all of the systems."