Before distributing your driver, you may digitally sign it using Microsoft's
Authenticode mechanism, and/or certify it by submitting it to Microsoft's Windows Certification Program
Some Windows operating systems, such as Windows 7, do not require installed drivers to be digitally signed or certified. Only a popup with a warning will appear There are, however, advantages to getting your driver digitally signed or fully certified, including the following:
64-bit versions of Windows 8 and higher require Kernel-Mode Code Signing (KMCS) of software that loads in kernel mode. This has the following implications for WinDriver-based drivers:
|During driver development, please configure your Windows OS to temporarily allow the installation of unsigned drivers.|
For more information about digital driver signing and certification, refer to the following documentation in the Microsoft Development Network (MSDN) library:
|Some of the documentation may still use old terminology. For example, references to the Windows Logo Program (WLP) or to the Windows Hardware Quality Labs (WHQL) or to the Windows Certification Program or to the Windows Hardware Certification Kit (HCK) should be replaced with the Windows Hardware Lab Kit (HLK), and references to the Windows Quality Online Services (Winqual) should be replaced with the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).|
The Microsoft Authenticode mechanism verifies the authenticity of a driver's
provider. It allows driver developers to include information about themselves
and their code with their programs through the use of digital signatures, and
informs users of the driver that the driver's publisher is participating in an
infrastructure of trusted entities.
The Authenticode signature does not, however, guarantee the code's safety or functionality.
The WinDriver\redist\windrvr1411.sys driver has an Authenticode digital signature.
Microsoft's Windows Certification Program (previously known as the Windows Logo Program (WLP)), lays out procedures for submitting hardware and software modules, including drivers, for Microsoft quality assurance tests. Passing the tests qualifies the hardware/software for Microsoft certification, which verifies both the driver provider's authenticity and the driver's safety and functionality.
To digitally sign and certify a device driver, a Windows Hardware Lab Kit (HLK) package, which includes the driver and the related hardware, should be submitted to the Windows Certification Program for testing, using the Windows Dev Center Hardware Dashboard Services (the Hardware Dashboard).
Jungo's professional services unit provides a complete Windows driver
certification service for Jungo-based drivers. Professional engineers
efficiently perform all the tests required by the Windows Certification Program, relieving customers
of the expense and stress of in-house testing. Jungo prepares an HLK / HCK
submission package containing the test results, and delivers the package to the
customer, ready for submission to Microsoft.|
For more information, refer to https://www.jungo.com/st/services/windows_drivers_certification/.
For detailed information regarding Microsoft's Windows Certification Program and the certification process, refer to the MSDN Windows Hardware Certification page — https://msdn.microsoft.com/library/windows/hardware/gg463010.aspx — and to the documentation referenced from that page, including the MSDN Windows Dev Center — Hardware Dashboard Services page page — https://msdn.microsoft.com/library/windows/hardware/gg463091.
As indicated above
The driver certification and signature procedures — either via
Authenticode or the Windows Certification Program — require the creation of a catalog file
for the driver. This file is a sort of hash, which describes other files. The
signed windrvr1411.sys driver is provided with a matching catalog file
This file is assigned to the
CatalogFile entry in the
windrvr1411.inf file (provided as well in the redist directory). This
entry is used to inform Windows of the driver's signature and the relevant
catalog file during the driver's installation.
When the name, contents, or even the date of the files described in a driver's
catalog file is modified, the catalog file, and consequently the driver
signature associated with it, become invalid. Therefore, if you select to
rename the windrvr1411.sys driver
In addition, when using WinDriver to develop a driver for your Plug-and-Play device, you normally also create a device-specific INF file that registers your device to work with the windrvr1411.sys driver module (or a renamed version of this driver). Since this INF file is created at your site, for your specific hardware, it is not referenced from the windrvr1411.cat catalog file and cannot be signed by Jungo a priori.
When renaming windrvr1411.sys and/or creating a device-specific INF file for your device, you have two alternative options regarding your driver's digital signing:
Submit your driver to the Windows Certification Program, or have it Authenticode signed.
Note that while renaming WinDriver\redist\windrvr1411.sys nullifies the driver's digital signature, the driver is still compliant with the certification requirements of the Windows Certification Program.
To digitally sign/certify your driver, follow these steps:
CatalogFileentry in your driver's INF file(s). (You can either change the
CatalogFileentry in the windrvr1411.inf file to refer to your new catalog file, and add a similar entry in your device-specific INF file; or incorporate both windrvr1411.inf and your device INF file into a single INF file that contains such a
Submit your driver to Microsoft's Windows Certification Program or for an Authenticode signature.
If you wish to submit your driver to the Windows Certification Program, refer to the
additional guidelines in
Note that many WinDriver customers have already successfully digitally signed and certified their WinDriver-based drivers.
As indicated in Microsoft's documentation, before submitting the driver for testing and certification you need to download the Windows Hardware Certification Kit (HCK), and run the relevant tests for your hardware/software. After you have verified that you can successfully pass the HCK tests, create the required logs package and proceed according to Microsoft's documentation. For more information, refer to the MSDN Windows Hardware Certification Kit (HCK) page — https://msdn.microsoft.com/library/windows/hardware/hh833788.