I developed a KMDF driver, but now I am confused about signing; there are multiple options for that!
My KMDF driver is a disk upper-filter driver which will run at boot time.
Can someone advise me about driver signing?
I am going to use the driver only in our company, so how do I minimize the cost, and what should I choose for signing?
You can turn off driver signing requirements on Windows to run drivers without any signature, although it may lead to things being less secure, so a custom system that disallows other new drivers from being loaded might be a good idea. If you want to sign your drivers, you would need an EV cert, which takes a lot of vetting and is around $400 per year. But even with an EV cert you still need Microsoft to sign it, with there not being another way around it as far as I know. The main issue for me is that Microsoft has a ton of problems, and for me I just get auto-rejected with no reason or way to resolve it.
When I was developing the driver, I used to disable driver signing enforcement each time....
After this, I now think the process is like:
- Driver signing by EV
- Submit to Microsoft
- Microsoft sends back the .cat file (if the driver passed)
- Deploy or release
Microsoft accepts only around 4 CAs.
Can you please correct me if I am wrong?
Your driver does not have to be signed, although most people do so. The EV cert is needed to establish your dashboard account. The cabinet file that you submit needs to be signed with a certificate registered with your account, just to make sure you are authorized to submit. That can be your EV cert, or it can be another code-signing certificate.
Hello @Tim_Roberts!
So if I just self-sign the kernel driver and install it by disabling driver signature enforcement, will this work?
Because I noticed that it gives a warning while installing the driver, then it works normally!
Well, yes, if you disable signature enforcement or enter test mode, then none of this is necessary. But, of course, you can't ask clients to do that.