There’s almost no statement in your post that I agree with. Let me see… OK! I agree that running the HCK is “no automated button press.” See, we can agree on something.
What we have learned about driver signing in the last decade since Microsoft started experimenting with rules is it hasn’t worked;
Disagree on many fronts.
First, you are conflating driver signing… introduced with 64-bit Windows and passing the WHQL tests… which has been with us since forever. Two different things, as you well know. So, why muddle your argument and conflate them here?
Driver signing has, in general, turned out to be either a good thing or a pretty neutral thing for the world in general. It makes sense that, in the hostile world in which we find ourselves, the author of a driver should be (reasonably) unambiguously digitally identified. This is what driver signing fundamentally accomplishes. Nothing more, nothing less.
that’s why they keep changing the rules.
You misunderstand how things work up in Redmond. They keep changing the rules to achieve new program goals. Attestation signing is a symptom of the success of the driver signing program; it’s an attempt to tighten the signing requirements, close the loophole in who can get a cert, and (most importantly) get a better handle on what drivers exist in the ecosystem and who’s creating them.
Time to market suffers, our costs go up, and we spend less percentage of our time writing code which hurts our expertise
Drama much? Driver signing does these things? Cuz, you know, I just Attestation Signed two driver packages each with a half-dozen or so components on Thursday and it took, oh (no joke), 20 minutes… max. And that’s counting the time it took me to find and download a proper version of the cursed eToken software (if you want something to complain about, complain about eTokens! THEN we’ll be arguing on the same side).
Look: If the point you’re trying to make is that driver signing can sometimes be a PITA, I’ll grant you that… with the caveat that it depends on what you’re trying to do. When driver packaging and signing are hard, it’s almost always because (a) you can’t figure out what Redmond wants you to now do, or (b) folks want to create a single set of binaries collected in a single driver package that will install on any platform. In the former case, that’s why we’re all here, sharing our expertise and experience with each other. In the latter case, you’re just making your own life hard. And before you go all “My users are too stupid to select and install the right package” … having multiple driver packages doesn’t imply having multiple installer downloads. Put everything together in a big InstallShield file, and auto-choose which to install and be done with it.
There’s plenty to dislike about how Microsoft are treating driver writers these days. There’s plenty to complain about with regard to how Driver signing has “evolved” over the past several years. But, like the problem of “figuring out what Redmond wants you to do now”, most of these complaints come down to absolutely abominable communication from Microsoft and nothing more. Once you figure out what the fuck they want you to do, it’s usually not so very hard to accomplish what both you and they want. It’s just the figuring that’s senselessly difficult.
Peter