The Windows Hardware Dev portal has added some new checkboxes:
“Perform test-signing for Win10 and above” and “Perform test-signing for OS below Win10 (legacy).” Putting aside their over-hyphenation for a moment, does anyone have any idea what these do? (I’ve likely figured out the former.)
I’ve been speculating that the legacy entry is equivalent to a WHQL Test Signature (https://docs.microsoft.com/en-us/windows-hardware/drivers/install/whql-test-signature-program), but I’ve been unable to get it to work, so I don’t know for sure. I did upload a CAB that would be suitable for attested signing, but it was just returned to me, repacked but with no other modifications.
For the Win10 entry, I did get it to work. In addition to the normal driver Enhanced Key Usages, I also see Lifetime Signing (1.3.6.1.4.1.311.10.3.13) and Preview Build Signing (1.3.6.1.4.1.311.10.3.27). This allows me to load this test-signed driver with “bcdedit /set {current} flightsigning on” without having to turn Secure Boot off and enable test signing mode.
Has anyone else experimented with these options? Anyone stumbled across docs for them?