Questions regarding Windows driver signing

Hello @Nikhil Raj ,

Thank you for reaching out and choosing to clarify these details during your early planning phase.

I suggest reviewing the answers below, along with the corresponding Microsoft documentation for your reference.

1. Certificates: Where to get an EV Code Signing Certificate? To register for the Windows Hardware Developer Program and submit drivers, you must use an Extended Validation (EV) Code Signing Certificate. Microsoft does not sell these directly, but you can purchase them from Microsoft-trusted Certificate Authorities (CAs).

• Documentation: Manage code signing certificates
• Documentation: Where to get EV Certificates

2. Signing: Who applies the final digital signature? Microsoft applies the final digital signature. You will use your EV Code Signing Certificate to initially sign your driver submission package (the .cab or .hlkx file) to prove your identity to the dashboard. Once submitted and validated, Microsoft regenerates the catalog (.cat) files and applies the final Microsoft embedded signature so that the Windows OS consistently trusts the driver.

• Documentation: Driver signing options and best practices

3. Process: Attestation Signing vs. WHQL Certification Since your target includes both Endpoints and Servers, understanding the difference in requirements is critical:

• Attestation Signing: This is an automated signing process primarily used for testing purposes. It does not require passing detailed Hardware Lab Kit (HLK) tests. However, Attestation signing only supports Windows 10/11 Desktop editions. It does not support Windows Server and cannot be published to Windows Update for retail audiences.
• Full WHQL Certification: This requires you to test your driver using the Windows Hardware Lab Kit (HLK). WHQL tested drivers are the recommended method because they support both Windows Endpoints and Windows Server, and they are fully eligible for publishing to Windows Update.
• Documentation for Attestation: Attestation sign Windows drivers
• Documentation (WHQL/HLK): WHQL Release Signature and Windows Hardware Lab Kit Docs

4. Timelines: Expected Turnaround While Microsoft doesn't provide a guaranteed SLA for all submissions, the generally expected process operates as follows:

• Attestation Submissions: Because it skips the long manual HLK logs verification, the Partner Center mostly processes these packages automatically. Approval and signing are typically very fast (often within hours).
• WHQL / HLK Submissions: Processing time in the hardware dashboard itself is usually responsive. However, the longest phase is strictly on the developer's end: performing the mandatory Hardware Lab Kit (HLK) passes locally could take several days depending on system complexity before you even submit the packages to Microsoft.
• Documentation on Submissions / Publishing: Publish a driver to Windows Update and Create a hardware submission

I hope this gives your team a clear roadmap for the deployment of your new driver. If you found my response helpful or informative, I would greatly appreciate it if you could follow this guide for your confirmation.

Thank you.

One additional thing worth mentioning is that Microsoft now strongly recommends using the HLK + WHQL path for any production driver intended for enterprise or server environments, even if Attestation Signing initially seems faster. WHQL certification generally provides better long-term compatibility, smoother Windows Update distribution, and fewer trust issues with enterprise security policies.

Also, keep in mind that EV certificates are mainly required for Partner Center identity verification and secure submission workflows. After submission, Microsoft re-signs the final package, but maintaining proper versioning, INF configuration, and HLK test consistency is still critical to avoid delays during approval.