The signing policy is the same for all driver packages, regardless of what they install (a third party km or um driver or an in box driver).
Are kernal mode signing capabilities required to sign a cat file when the inf file references a windows *.sys file?
As I understand, as of 2021, drivers that run in kernal mode will need to be signed by microsoft by submitting test results to the hardware program. What if I just want to sign a "driver package" ie. inf/cat file that references an already signed kernal mode windows driver such as usbser.sys? Microsoft documentation doesnt seem to cover this case.
I am hoping to sign cat file with a standard code signing certificate purchased from a CA after the Microsoft Root Trust Program no longer supports signing certificates with kernal mode signing capabilities.
Thank you
3 answers
Sort by: Most helpful
-
-
Doron Holan 1,801 Reputation points
2021-10-15T00:07:03.497+00:00 A driver package is an INF and all the other files referenced by it. The signing policy applies to the import and apply of a driver package (as dictated by the INF), regardless of what the INF does. An INF that installs an inbox driver on a device is a driver package.
-
Doron Holan 1,801 Reputation points
2021-10-15T18:55:40.087+00:00 AFAIK you need a kernel mode signing cert, but the proof is in testing on the OS in question