Virtual Driver Certification

Hi All,

I have developed virtual driver for Windows 7,
Can you please provide me some hints on how to get it windows certified?
As I dont have physical hardware, I need to get certified only for software only driver,

Thanks for your help in advance,

Regards

What do you mean by “certified”? WHQL? Simply signing it for use on a 64 bit OS? If the former, take a look at the Windows Hardware Quality Labs website. If the latter, the search for KMCS here and on Google. You’ll need a certificate from a CA, which will cost money, and all applicable cross-certificates.

Gary G. Little

----- Original Message -----
From: xxxxx@gmail.com
To: “Windows System Software Devs Interest List”
Sent: Monday, August 8, 2011 8:15:47 AM
Subject: [ntdev] Virtual Driver Certification

Hi All,

I have developed virtual driver for Windows 7,
Can you please provide me some hints on how to get it windows certified?
As I dont have physical hardware, I need to get certified only for software only driver,

Thanks for your help in advance,

Regards


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Thanks Garry,

Thanks for the reply,
Sorry to create confusion
I would like to run software only driver (virtual driver) only, So, Do i
need to go for signing ( just to use it on 64 bit) or WHQL,?
Can you please provide some pointers, thanks,

Thanks,

Regards,

On Mon, Aug 8, 2011 at 2:38 PM, Gary G. Little wrote:

> What do you mean by “certified”? WHQL? Simply signing it for use on a 64
> bit OS? If the former, take a look at the Windows Hardware Quality Labs
> website. If the latter, the search for KMCS here and on Google. You’ll need
> a certificate from a CA, which will cost money, and all applicable
> cross-certificates.
>
> Gary G. Little
>
> ------------------------------
> *From: *xxxxx@gmail.com
> *To: *“Windows System Software Devs Interest List”
> *Sent: *Monday, August 8, 2011 8:15:47 AM
> *Subject: *[ntdev] Virtual Driver Certification
>
>
> Hi All,
>
> I have developed virtual driver for Windows 7,
> Can you please provide me some hints on how to get it windows certified?
> As I dont have physical hardware, I need to get certified only for software
> only driver,
>
> Thanks for your help in advance,
>
> Regards
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

My understanding is that it is sufficient to get approved certificate (from GlobalSign or Verisign) and appropriate cross-certificate and sign your driver .cat file with these and should work fine on any windows version.

Luke

That is not quite right since not all drivers have CAT files. I wrote a WFP driver that did not have a CAT since if I am not mistaken, CAT files are more for PCI drivers and WHQL.

Gary Little

On Aug 8, 2011, at 11:05 AM, xxxxx@hotmail.com wrote:

My understanding is that it is sufficient to get approved certificate (from GlobalSign or Verisign) and appropriate cross-certificate and sign your driver .cat file with these and should work fine on any windows version.

Luke


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

xxxxx@hotmail.com wrote:

My understanding is that it is sufficient to get approved certificate (from GlobalSign or Verisign) and appropriate cross-certificate and sign your driver .cat file with these and should work fine on any windows version.

That depends on your definition of “work fine”. There are two very
different signature checks. What you’re talking about satisfies KMCS,
which applies only to the 64-bit systems. It is not required on the
32-bit systems.

This does NOT satisfy the “unsigned driver” warning at installation
time, which applies to ALL systems. That requires submission to WHQL.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

xxxxx@gmail.com wrote:

I have developed virtual driver for Windows 7,
Can you please provide me some hints on how to get it windows certified?
As I dont have physical hardware, I need to get certified only for software only driver,

Not sure what you mean by “Windows certified”. Does your driver have an
INF and a CAT file? How is it installed? Unless it is a plug-and-play
device, there is no point in submitting for WHQL, because the
install-time signature check will not apply. Indeed, I’m not sure there
is even a WAY to submit a non-PnP driver to WHQL. All you need is the
KMCS signature, which you have already described.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thank Tim, Ikurach and Gary,

I dont know much about driver signing,as I am a newbie in driver
development.

I am confused and sorry to ask you question again,

Let me explain the situation in detail,

I have developed a virtual device driver based on ELoMT sample and Wacom
sample.
I can install the drivers in 32 bit with warning message.
I have no issues with the warning message, if it shows on 64bit. Inorder to
install on 64bit, I need to disable driver enforcement in boot option and
this make it difficult for the customer to use it.

How can I solve it. Which license program should I go for it. I have no
issues if it shows warning message while installing the driver.

On the other hand ( I think this is optional), If I want to disable the
warning message while installing the driver, should I go for WHQL ( Is it
know as Windows Logo program? )

Thanks for your help and co - operation,

Thanks,

Regards,

On Mon, Aug 8, 2011 at 6:54 PM, Tim Roberts wrote:

> xxxxx@hotmail.com wrote:
> > My understanding is that it is sufficient to get approved certificate
> (from GlobalSign or Verisign) and appropriate cross-certificate and sign
> your driver .cat file with these and should work fine on any windows
> version.
>
> That depends on your definition of “work fine”. There are two very
> different signature checks. What you’re talking about satisfies KMCS,
> which applies only to the 64-bit systems. It is not required on the
> 32-bit systems.
>
> This does NOT satisfy the “unsigned driver” warning at installation
> time, which applies to ALL systems. That requires submission to WHQL.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

In order to install the driver at a customers site, without requiring the customer to disable signing on every boot, you have to at least sign the driver with a class-3 code signing certificate from either Verisign or Thawte. You also have to apply all applicable cross certificates to that driver, to which the CA you choose will provide a link.That’s on a 64 bit system. A 32 bit system will not squawk.

Gary G. Little

----- Original Message -----
From: “Vinayaka Pawate”
To: “Windows System Software Devs Interest List”
Sent: Monday, August 8, 2011 1:09:13 PM
Subject: Re: [ntdev] Virtual Driver Certification

Thank Tim, Ikurach and Gary,

I dont know much about driver signing,as I am a newbie in driver development.

I am confused and sorry to ask you question again,

Let me explain the situation in detail,

I have developed a virtual device driver based on ELoMT sample and Wacom sample.
I can install the drivers in 32 bit with warning message.
I have no issues with the warning message, if it shows on 64bit. Inorder to install on 64bit, I need to disable driver enforcement in boot option and this make it difficult for the customer to use it.

How can I solve it. Which license program should I go for it. I have no issues if it shows warning message while installing the driver.

On the other hand ( I think this is optional), If I want to disable the warning message while installing the driver, should I go for WHQL ( Is it know as Windows Logo program? )

Thanks for your help and co - operation,

Thanks,

Regards,

On Mon, Aug 8, 2011 at 6:54 PM, Tim Roberts < xxxxx@probo.com > wrote:

xxxxx@hotmail.com wrote:
> My understanding is that it is sufficient to get approved certificate (from GlobalSign or Verisign) and appropriate cross-certificate and sign your driver .cat file with these and should work fine on any windows version.

That depends on your definition of “work fine”. There are two very
different signature checks. What you’re talking about satisfies KMCS,
which applies only to the 64-bit systems. It is not required on the
32-bit systems.

This does NOT satisfy the “unsigned driver” warning at installation
time, which applies to ALL systems. That requires submission to WHQL.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Gary G. Little wrote:

In order to install the driver at a customers site, without requiring
the customer to disable signing on every boot, you have to at least
sign the driverwith a class-3 code signing certificate from either
Verisign or Thawte.

… or GlobalSign. That’s what I use.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

>That depends on your definition of “work fine”. There are two very
different signature checks. What you’re talking about satisfies KMCS,
which applies only to the 64-bit systems. It is not required on the
32-bit systems.

This does NOT satisfy the “unsigned driver” warning at installation
time, which applies to ALL systems. That requires submission to WHQL.

OK, so if my driver passes WHQL, doesn’t Microsoft send me a digital certificate I can use to sign my driver? If yes, is it neccessary to get a certificate for the driver from Verisign (or GlobalSign)?

I also noted that WHQL is expensive, you pay $$$ per OS!

On Tue, Aug 9, 2011 at 12:23 PM, wrote:

> >That depends on your definition of “work fine”. There are two very
> different signature checks. What you’re talking about satisfies KMCS,
> which applies only to the 64-bit systems. It is not required on the
> 32-bit systems.
>
> >This does NOT satisfy the “unsigned driver” warning at installation
> time, which applies to ALL systems. That requires submission to WHQL.
>
> OK, so if my driver passes WHQL, doesn’t Microsoft send me a digital
> certificate I can use to sign my driver? If yes, is it neccessary to get a
> certificate for the driver from Verisign (or GlobalSign)?
>
>
No they don’t send you a certificate IIRC they send you a signed catalog
that matches the driver package submitted. Any change to INF or binaries
required WHQL re-certification (although, certain small changes like adding
another device id to the INF cost less I think and don’t require retesting)

> I also noted that WHQL is expensive, you pay $$$ per OS!
>
>

Thanks for the detailed reply Tim,
I am a beginner in windows driver development, please excuse if my
questions sounds silly,

Does your driver have an INF and a CAT file?
I have a INF file,

[Version]
Signature=“$CHICAGO$”
Class=HIDClass
CatalogFile=kmdfsamples.cat

Unless it is a plug-and-play device, there is no point in submitting for
WHQL
It is a virtual driver, and it will be in the system all time, I use devcon
to remove or just go to driver manager and click on uninstall.

So, Only KMCS signature is OK for me?

I have another questions about WDK, I have read many questions on this forum
and to my understanding let put it down here,

Can we use WDK samples to develop the driver?
As per my understanding, we can use the sample code to develop the driver,
as long we ship only binaries and object to customer and NOT THE SOURCE
CODE,

As the licensing terms can be interpreted in many ways, I got confused.

I would really appreciate if you can provide some tips based on your
experience,

Thank you so much for help and support,

Thanks,

On Mon, Aug 8, 2011 at 6:56 PM, Tim Roberts wrote:

> xxxxx@gmail.com wrote:
> > I have developed virtual driver for Windows 7,
> > Can you please provide me some hints on how to get it windows certified?
> > As I dont have physical hardware, I need to get certified only for
> software only driver,
>
> Not sure what you mean by “Windows certified”. Does your driver have an
> INF and a CAT file? How is it installed? Unless it is a plug-and-play
> device, there is no point in submitting for WHQL, because the
> install-time signature check will not apply. Indeed, I’m not sure there
> is even a WAY to submit a non-PnP driver to WHQL. All you need is the
> KMCS signature, which you have already described.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Vinayaka Pawate wrote:

http:
>
> Unless it is a plug-and-play device, there is no point in submitting
> for WHQL
> It is a virtual driver, and it will be in the system all time, I use
> devcon to remove or just go to driver manager and click on uninstall.

How did you install it?

> So, Only KMCS signature is OK for me?

If you don’t care about the “unsigned driver” warning at install time,
then the KMCS signature is enough.

> I have another questions about WDK, I have read many questions on this
> forum and to my understanding let put it down here,
>
> Can we use WDK samples to develop the driver?
> As per my understanding, we can use the sample code to develop the
> driver, as long we ship only binaries and object to customer and NOT
> THE SOURCE CODE,
>
> As the licensing terms can be interpreted in many ways, I got confused.

I am not a lawyer. However, my personal understanding is that you
aren’t allowed to ship the source code unmodified. After all, the whole
POINT of the samples in the WDK is to provide working code for us to use
as a base to develop our own drivers. Virtually every driver ever
written started its life as a modified version of one of the WDK
samples. I have cut-and-pasted large sections of WDK sample code into
my own drivers, and I don’t feel guilty about it.

This is less of a concern now, since most of the repetitive boilerplate
is handled by KMDF.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.</http:>

xxxxx@hotmail.com wrote:

OK, so if my driver passes WHQL, doesn’t Microsoft send me a digital certificate I can use to sign my driver? If yes, is it neccessary to get a certificate for the driver from Verisign (or GlobalSign)?

Daniel is right. You send them your driver package and your passing
test logs. They send back your CAT file, signed by WHQL. That’s ALL
you get back. If you expect to do any reasonable testing, you will need
your own certificate for KMCS. I’m not sure it’s possible to do the
WHQL DTM testing without a signed driver; it reboots a number of times,
and you’d have to catch each one to disable the signature check.

I also noted that WHQL is expensive, you pay $$$ per OS!

Yes, $250 per OS family, last time I checked. You need to make
absolutely sure you want to go that route.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

>not mistaken, CAT files are more for PCI drivers and WHQL.

CAT files are for packages which include the INF file.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com