[wdmaudiodev] Re: How to sign up with MS with the Win10 driver no charge "attestment" option

  • From: "Paul Titchener" <pt@xxxxxxxxxxx>
  • To: <wdmaudiodev@xxxxxxxxxxxxx>
  • Date: Mon, 26 Oct 2015 10:57:30 -0700

We’re detecting the OS during installation and only installing the MS SHA256
cert drivers on Win 10, earlier machines get drivers with just our SHA1 EV cert.

This scheme is working for most users but failing on some, the failure appears
to be occasionally happening on both Win10 and Win7 machines, the driver
install is attempted but the Device Manager thinks the driver is unsigned for
some reason.

Paul Titchener

From: Tim Roberts
Sent: Monday, October 26, 2015 10:51 AM
To: wdmaudiodev@xxxxxxxxxxxxx
Subject: [wdmaudiodev] Re: How to sign up with MS with the Win10 driver no
charge "attestment" option

Paul Titchener wrote:

We’re now shipping our software that includes a Win 10 signed driver and for
most users it working correctly, both for users that did an upgrade to Win 10
and those that bought new Win 10 machines.
For now we detect the OS version during installation and Win 10 machines get
drivers signed both by us and MS, other OS’s get the drivers only signed by us.
But we’re occasionally hitting installation problems on some machines,
commonly (and maybe exclusively) Win7 ones, where they report that they get a
message about attempting to install an unsigned driver.

What certificate are you using on your 7/8 packages? Is it an SHA-1 cert or an
SHA256 cert? As Tom pointed out, Win 7 users need a hotfix installed in order
to handle drivers signed with an SHA256 certificate.

Tim, you had mentioned that here is an approach to build a single driver that
installs both on Win 10 and Win 7, 8 and 8.1 machines.
I thought the way we were signing our drivers, which is to sign them first
with our cert before submitting to MS, was the method that allowed this single
But Win 7 and Win 8 machines give us a bad cert message when we try to
install these dual signed drivers.

For a PnP driver package, this path has a problem. When you submit to the
attestation site, Microsoft replaces your CAT file with one that targets Win 10
only. Installing that package on a Win 7 system (even one with the hotfix)
results in an error that "this package was not tested on this version of
Windows." Today, without going through WHQL, there is no way to make a single
PnP driver package that works on 10, 8 and 7.

Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.

Other related posts: