15.3. Windows Digital Driver Signing and Certification


	Chapter 15. Driver Installation — Advanced Issues

15.3.1. Overview

Before distributing your driver, you may digitally sign it using Microsoft's Authenticode mechanism, and/or certify it by submitting it to Microsoft's Windows Certification Program.
Some Windows operating systems, such as Windows XP, do not require installed drivers to be digitally signed or certified. There are, however, advantages to getting your driver digitally signed or fully certified, including the following:

Driver installation on systems where installing unsigned drivers has been blocked
Avoiding warnings during driver installation
Full pre-installation of INF files [15.1] on Windows XP and higher

64-bit versions of Windows Vista and higher require Kernel-Mode Code Signing (KMCS) of software that loads in kernel mode. This has the following implications for WinDriver-based drivers:

Drivers that are installed via an INF file must be distributed together with a signed catalog file (see details in Section 15.3.2).
Drivers that are not installed using an INF file — namely, Kernel PlugIn drivers — must contain an embedded driver signature.

For more information about digital driver signing and certification, refer to the following documentation in the Microsoft Development Network (MSDN) library:

Driver Signing Requirements for Windows
Introduction to Code Signing
Digital Signatures for Kernel Modules on Windows
This white paper contains information about kernel-mode code signing, test signing, and disabling signature enforcement during development.


Some of the documentation may still use old terminology. For example, references to the Windows Logo Program (WLP) or to the Windows Hardware Quality Labs (WHQL) should be replaced with the Windows Certification Program, and references to the Windows Quality Online Services (Winqual) should be replaced with the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).

Some of the documentation may still use old terminology. For example, references to the Windows Logo Program (WLP) or to the Windows Hardware Quality Labs (WHQL) should be replaced with the Windows Certification Program, and references to the Windows Quality Online Services (Winqual) should be replaced with the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).

15.3.1.1. Authenticode Driver Signature

The Microsoft Authenticode mechanism verifies the authenticity of a driver's provider. It allows driver developers to include information about themselves and their code with their programs through the use of digital signatures, and informs users of the driver that the driver's publisher is participating in an infrastructure of trusted entities.
The Authenticode signature does not, however, guarantee the code's safety or functionality.

The WinDriver\redist\windrvr6.sys driver has an Authenticode digital signature.

15.3.1.2. Windows Certification Program

Microsoft's Windows Certification Program (previously known as the Windows Logo Program (WLP)), lays out procedures for submitting hardware and software modules, including drivers, for Microsoft quality assurance tests. Passing the tests qualifies the hardware/software for Microsoft certification, which verifies both the driver provider's authenticity and the driver's safety and functionality.

To digitally sign and certify a device driver, a Windows Hardware Certification Kit (HCK) package, which includes the driver and the related hardware, should be submitted to the Windows Certification Program for testing, using the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).


Jungo's professional services unit provides a complete Windows driver pre-certification service for Jungo-based drivers. Professional engineers efficiently perform all the tests required by the Windows Certification Program, relieving customers of the expense and stress of in-house testing. Jungo prepares an HCK submission package containing the test results, and delivers the package to the customer, ready for submission to Microsoft. For more information, refer to http://www.jungo.com/st/products/windriver/windriver_whql_certification.

Jungo's professional services unit provides a complete Windows driver pre-certification service for Jungo-based drivers. Professional engineers efficiently perform all the tests required by the Windows Certification Program, relieving customers of the expense and stress of in-house testing. Jungo prepares an HCK submission package containing the test results, and delivers the package to the customer, ready for submission to Microsoft.
For more information, refer to http://www.jungo.com/st/products/windriver/windriver_whql_certification.

For detailed information regarding Microsoft's Windows Certification Program and the certification process, refer to the MSDN Windows Hardware Certification page — http://msdn.microsoft.com/library/windows/hardware/gg463010.aspx — and to the documentation referenced from that page, including the MSDN Windows Dev Center — Hardware Dashboard Services page — http://msdn.microsoft.com/library/windows/hardware/gg463091.

15.3.2. Driver Signing and Certification of WinDriver-Based Drivers

As indicated above [15.3.1.1], The WinDriver\redist\windrvr6.sys driver has an Authenticode signature. Since WinDriver's kernel module (windrvr6.sys) is a generic driver, which can be used as a driver for different types of hardware devices, it cannot be submitted to Microsoft's Windows Certification Program as a standalone driver. However, once you have used WinDriver to develop a Windows driver for your selected hardware, you can submit both the hardware and driver for Microsoft certification, as explained below.

The driver certification and signature procedures — either via Authenticode or the Windows Certification Program — require the creation of a catalog file for the driver. This file is a sort of hash, which describes other files. The signed windrvr6.sys driver is provided with a matching catalog file — WinDriver\redist\wd1130.cat. This file is assigned to the CatalogFile entry in the windrvr6.inf file (provided as well in the redist directory). This entry is used to inform Windows of the driver's signature and the relevant catalog file during the driver's installation.

When the name, contents, or even the date of the files described in a driver's catalog file is modified, the catalog file, and consequently the driver signature associated with it, become invalid. Therefore, if you select to rename the windrvr6.sys driver [15.2] and/or the related windrvr6.inf file, the wd1130.cat catalog file and the related driver signature will become invalid.

In addition, when using WinDriver to develop a driver for your Plug-and-Play device, you normally also create a device-specific INF file that registers your device to work with the windrvr6.sys driver module (or a renamed version of this driver). Since this INF file is created at your site, for your specific hardware, it is not referenced from the wd1130.cat catalog file and cannot be signed by Jungo a priori.

When renaming windrvr6.sys and/or creating a device-specific INF file for your device, you have two alternative options regarding your driver's digital signing:

Do not digitally sign your driver. If you select this option, remove or comment-out the reference to the wd1130.cat file from the windrvr6.inf file (or your renamed version of this file).
Submit your driver to the Windows Certification Program, or have it Authenticode signed.
Note that while renaming WinDriver\redist\windrvr6.sys nullifies the driver's digital signature, the driver is still compliant with the certification requirements of the Windows Certification Program.
To digitally sign/certify your driver, follow these steps:
- Create a new catalog file for your driver, as explained in the Windows Certification Program documentation. The new file should reference both windrvr6.sys (or your renamed driver) and any INF files used in your driver's installation.
- Assign the name of your new catalog file to the CatalogFile entry in your driver's INF file(s). (You can either change the CatalogFile entry in the windrvr6.inf file to refer to your new catalog file, and add a similar entry in your device-specific INF file; or incorporate both windrvr6.inf and your device INF file into a single INF file that contains such a CatalogFile entry).
- Submit your driver to Microsoft's Windows Certification Program or for an Authenticode signature. If you wish to submit your driver to the Windows Certification Program, refer to the additional guidelines in Section 15.3.2.1.
  Note that many WinDriver customers have already successfully digitally signed and certified their WinDriver-based drivers.

15.3.2.1. HCK Test Notes

As indicated in Microsoft's documentation, before submitting the driver for testing and certification you need to download the Windows Hardware Certification Kit (HCK), and run the relevant tests for your hardware/software. After you have verified that you can successfully pass the HCK tests, create the required logs package and proceed according to Microsoft's documentation. For more information, refer to the MSDN Windows Hardware Certification Kit (HCK) page — http://msdn.microsoft.com/library/windows/hardware/hh833788.

When running the HCK tests, note the following:

The Driver Verifier test is applied to all unsigned drivers found on the test machine. It is therefore important to try and minimize the number of unsigned drivers installed on the test machine (apart from the test driver — windrvr6.sys).
The ACPI Stress test requires that the ACPI settings in the BIOS support the S3 power state.
Before submitting the file for certification you need to create a new catalog file, which lists your driver and specific INF file(s), and refer to this catalog file from your INF file(s), as explained above [15.3.2].


15.2. Renaming the WinDriver Kernel Driver		15.4. Windows XP Embedded WinDriver Component