AFAIK you need a kernel mode signing cert, but the proof is in testing on the OS in question
Are kernal mode signing capabilities required to sign a cat file when the inf file references a windows *.sys file?
As I understand, as of 2021, drivers that run in kernal mode will need to be signed by microsoft by submitting test results to the hardware program. What if I just want to sign a "driver package" ie. inf/cat file that references an already signed kernal mode windows driver such as usbser.sys? Microsoft documentation doesnt seem to cover this case.
I am hoping to sign cat file with a standard code signing certificate purchased from a CA after the Microsoft Root Trust Program no longer supports signing certificates with kernal mode signing capabilities.
Thank you
3 answers
Sort by: Newest
-
-
Doron Holan 1,801 Reputation points
2021-10-15T00:07:03.497+00:00 A driver package is an INF and all the other files referenced by it. The signing policy applies to the import and apply of a driver package (as dictated by the INF), regardless of what the INF does. An INF that installs an inbox driver on a device is a driver package.
-
Doron Holan 1,801 Reputation points
2021-10-14T17:45:09.027+00:00 The signing policy is the same for all driver packages, regardless of what they install (a third party km or um driver or an in box driver).