HLK HyperVisor Code Integrity Readiness fails for a software driver on Windows 10

Hello,

I am trying to run HLK tests for a software driver on Windows 10. I want to build a test packet and have the driver signed. I know about attestation signing but that is not what interests me.

I have setup a test network with HLK Studio running on a Windows Server 2019, and a client running Windows 10 2004. The Windows systems are in English version.

I defined a project with the driver on HLK Studio. Studio says there are 2 tests to pass:

  • HyperVisor Code Integrity Readiness
  • TDI filters and LSPS are not allowed

The first test fails. The following items are marked as failed:

  • HLK Config Library Tasks
  • Copy Test Binaries
  • CheckForTooManyDrivers
  • EnableDriverVerifier
  • SetDriverVerifierOptions
  • QueryDriverVerifierSettings

The second test run fine. I have no idea what it takes to pass the failed test.

  • HLK Filters are up to date on controler.
  • Secure boot is disabled and testsigning is enabled on the client.
  • Driver only allocates NonPagegPoolNx memory.
  • I have tried to run Device Guard and Credential Guard hardware readiness tool on client but it fails because Secure Boot is disabled.

Do I have to enable Secure Boot to run HyperVisor Code Integrity Readiness? But in that case how should I install the driver to be tested?

Have you looked at the test logs? Also the HLK provides you with the config scripts to re-run a failed test, so you should be able to repro and debug the problem.

OK, I’ll look.

It seems to me quite difficult to interpret. If I look for example the first test:

  • HLK Config Library Tasks Per Test - Native / Failure
    • Runjob - HLK Config Library Tasks Per Test / OK
      • Copy Test Binary and Verifier Scripts / OK
      • Setup TAEF Root (Test Arch) / OK
      • Setup TAEF Root Alt (Test Arch Alt) / OK
      • Configure Crash dump event kog setting / OK
        o Logs
      • Configure Umdf Driver Verification / OK
      • Set Driver Registry Settings / OK
        o Logs
      • WaitforShellReady / OK
    • Setup TAEF Root (Test Arch) / OK
    • Setup TAEF Root Alt (Test Arch Alt) / Failure

There is no available logs for the failed item. When I look at the existing logs I don’t detect any failure.