Hello, dear administrators and experienced OSR contributors.
I've written an NDIS filter driver that will only be installed on a small number of computers in our office. We don't require legal certifications, but we do need to be able to install this driver without switching the computer to test mode (unsigned mode). We're willing to pay for this. Is there any way to sign our driver without legal certification?
No. Even if you install a custom trusted root certificate, Windows will not load the driver until you enable test mode. This was introduced in Windows 10. I'm not sure about your environment.
Test mode does not allow loading unsigned drivers. It allows loading drivers not signed my Microsoft, but still valid by a local trusted root certificate. Unless WinDbg is connected. Which always allows loading drivers. Trusted or not.
Thank you, I understand that we need legal certification. But as far as I understand, it's a very complicated and lengthy process because I don't know if my driver will meet all the certification requirements. Could you please tell me who should do this? The programmer, meaning me, or the administrative department at our office, as it will take a lot of time, during which I won't be able to promote my driver and software.
I'm not expert in this, but you are correct. This is a lengthy process and your driver must meet certain (using this word because I can't list them all) requirements. As far as the coder and publisher, you should send it for signing. Other members should correct me if I'm wrong.
Thank You very much. I understand, that for certification my driver need to satisfy meny requirments, that we do not need, for example plag and play requirments and so on. So I need to append my driver with extra properties, without what driver is workin well for us
Your driver has to be signed by Microsoft. There are two ways to get that signature. (1) You can install the HLK (Hardware Lab Kit) and run all of the tests designated for your class of driver, then submit those test results through the Hardware Dashboard. (2) You can submit your driver through the Hardware Dashboard for “attestation signing”, where you pinky promise them that you have done due diligence testing, without having to submit test results.
Both of these require that you set up a Microsoft hardware partner account so you can submit your packages. Doing that requires that your corporation get an Extended Validation (EV) Code Signing Certificate yourself.
Third parties cannot do this for you. The PURPOSE for the signature is to provide a traceable and legally verifiable link back to you, so you can be sued if your driver causes damage. No third party is going to assume that liability for you.
1 Like
Thank you, Mr. Tim Roberts. My boss told me to convert my NDIS filter driver to UMDF format. But I don't know if it will work properly after conversion. It might reduce the speed of my driver. Becouse after that driver installation the speed of internet becomes from 50 to 20
and second question. Aproximately how mush must pay our office for legal sertification
The speed shouldn't differ that much. I suggest you optimizing the code
No, it's because we change all traffic using the USB device, and most of the loss occurs in the encryption process inside the USB device itself (FTDI plus FPGA).
Previously, FTDI didn't have an interface for kernel mode operation. Now FTDI has changed its driver and uses the standard WinUSB driver for Windows. Do you think I can use this new WinUSB driver for FTDI from kernel mode? In other words, can I call winusb functions from my NDIS driver without using the user-mode program that previously did this?
UMDF drivers now also require signing. The certification by MSFT is free. The EV cert is not free, somewhere between a few 100 dollars and over 1000 dollars.
If you need this for work, then you need to get a Microsoft Partner account and enroll in the hardware program. Again, free, but recently everyone trying to do this has had grief and misfortune because the system seems to be quite broken.
1 Like
Thank you, Mr. Mark Roddy. All your advice was very helpful.