[wdmaudiodev] Re: How to sign up with MS with the Win10 driver no charge "attestment" option

  • From: Tim Roberts <timr@xxxxxxxxx>
  • To: "wdmaudiodev@xxxxxxxxxxxxx" <wdmaudiodev@xxxxxxxxxxxxx>
  • Date: Mon, 26 Oct 2015 10:51:52 -0700

Paul Titchener wrote:

We’re now shipping our software that includes a Win 10 signed driver
and for most users it working correctly, both for users that did an
upgrade to Win 10 and those that bought new Win 10 machines.

For now we detect the OS version during installation and Win 10
machines get drivers signed both by us and MS, other OS’s get the
drivers only signed by us.

But we’re occasionally hitting installation problems on some machines,
commonly (and maybe exclusively) Win7 ones, where they report that
they get a message about attempting to install an unsigned driver.

What certificate are you using on your 7/8 packages? Is it an SHA-1
cert or an SHA256 cert? As Tom pointed out, Win 7 users need a hotfix
installed in order to handle drivers signed with an SHA256 certificate.

Tim, you had mentioned that here is an approach to build a single
driver that installs both on Win 10 and Win 7, 8 and 8.1 machines.

I thought the way we were signing our drivers, which is to sign them
first with our cert before submitting to MS, was the method that
allowed this single install.

But Win 7 and Win 8 machines give us a bad cert message when we try to
install these dual signed drivers.

For a PnP driver package, this path has a problem. When you submit to
the attestation site, Microsoft replaces your CAT file with one that
targets Win 10 only. Installing that package on a Win 7 system (even
one with the hotfix) results in an error that "this package was not
tested on this version of Windows." Today, without going through WHQL,
there is no way to make a single PnP driver package that works on 10, 8
and 7.

Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.

Other related posts: