The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
after some time I turned back to driver writing and got stuck with all this modern driver signing stuff.
I have an NDIS filter driver that follows the WDK example from a couple of years ago (Visual Studio 2013 at that time) that I moved to Visual Studio 2019, mainly because my OV code signing certificate from a couple of years ago finally expired. So I bought an USB token based EV code signing certificate from Sectigo (which turned out to still be issued by Comodo CA) besides another plain old OV certificate (which really is Sectigo issued).
I can nicely sign normal programs via signtool with both certificates, but I'm completely lost signing my filter driver in Visual Studio 2019 (no signtool build-step). Regardless which of the certificates I choose (the EV or the OV) I get the message "error : No matching cross certificate found for the given production signing certificate.". For the OV certificate all the Sectigo intermediate certificates are installed and located in my certificate store (both current user and local system) while for the EV certificate "COMODO RSA Extended Validation Code Signing CA" is missing and I also didn't find it on the web (asked Sectigo about that).
Some details: The project already in the VS2013 incarnation had configurations for W7, W8 and W8.1. After updating it to VS2019 I added a W10 configuration and changed the respective settings. All configurations compile and link. In the project settings under "Driver Signing" on the "General" tab the W7, W8 and W8.1 configurations don't have a parameter "Cross-Signing Certificate", while the W10 configuration has. What do I have to enter there?
Besides the fact that the production-signed driver afterwards has to be sent to MS (thanks for all the blog posts regarding Attestation Signing) how is driver signing inside Visual Studio 2019 meant to be working. Shouldn't it even being possible to sign with a plain old OV certificate?
And something else puzzled me: In the project settings under "Driver Signing" on the "General" tab for the parameter "TimeStampServer" I can only choose from "Verisign", "Globalsign" or "none", nada "Sectigo" (resp. "Comodo"). Bought the wrong certificate?
Any hints very much appreciated!
PS: Please forgive my ignorance. Driver writing/signing isn't my daily business at all and sometimes I feel the world is moving too fast :-)
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Internals & Software Drivers||30 Nov 2020||LIVE ONLINE|
|Writing WDF Drivers||7 Dec 2020||LIVE ONLINE|
|Developing Minifilters||Early 2021||LIVE ONLINE|