Further questions about the Windows 10 driver signing process

  • Question

  • I posted a question, "What is the Windows 10 driver signing process". Tim Roberts provided an answer. Thanks for his great information. On top of this answer, I have some further questions:

    [TR]If your clients do not have "Secure Boot" set in the BIOS, then the Windows 10 signing policy is exactly identical to the Windows 7 signing policy.  Sign with your cert, plus a Microsoft cross-cert.

    [JZ]In this case, do you mean we can sign our drivers for Windows 7, 8.x and 10 with our existing SHA-1 certificate? Currently, our drivers are not submitted to Microsoft after we sign them with SHA-1. Do we have to submit the drivers to Microsoft for signing? What do you mean by "plus a Microsoft cross-cert"?

    Because our current SHA-1 certificate will expire in November 2017, we have to get a new certificate later this year. Can we continue to obtain a SHA-1 certificate? If not, what certificate do we have to get?

    [TR]If your clients have "Secure Boot" set, then starting with the 1607 Windows 10 release, your driver must be signed by Microsoft.  If you go through the full HLK testing, then you can get your package signed for all the Windows versions you need.  If you don't want to do that, you can submit for "attestation signing".  You submit your driver package through the Dashboard, but without the testing results.  The only downside is that the driver package you get back is authorized ONLY for Windows 10.  It will not load on earlier systems.

    [JZ]In this case, if we want to do the "attestation signing" for Windows 10, can we sign our drivers for Windows 7 and 8.x with our existing SHA-1 certificate? Do we have to submit the drivers for Windows 7 and 8.x to Microsoft for signing?

    I understand that with full HLK testing we can sign our drivers for all Windows versions. But we do not want to go down this path unless it is the only option. We hope we can continue to sign our drivers with the existing SHA-1 signing process, and add an extra attestation signing for Windows 10.


    Wednesday, July 12, 2017 1:19 PM

All replies

  • I have a related problem, trying to figure out how to do attestation signing. I've looked at numerous links on this but all of the info seems to be out-of-date or incomplete.

    Anyone have better info?

    Wednesday, April 3, 2019 10:39 PM