I'm trying to figure out how to certify/sign a Windows kernel driver, software only (no hardware device involved).
Do I have to test with the HLK to certify/sign a software-only driver or can I go with attestation signing, considering the driver should be installed on Windows Server machines?
According to https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/code-signing-reqs :
- "Attestation signing only works on Windows 10 Desktop and later versions of Windows. An attestation signed driver won't work for other versions of Windows, such as Windows Server 2016, Windows 8, or Windows 7."
- "If you wish to publish your driver to retail audiences, you must submit your driver through the Windows Hardware Compatibility Program (WHCP)."
- "Windows Server 2016 and greater will not accept attested device and filter driver signing submissions.
The dashboard will only sign device and filter drivers that have successfully passed the HLK tests.
Windows Server 2016 and greater will only load dashboard signed drivers that have successfully passed the HLK tests."
Also, according to https://learn.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later- :
"Starting with Windows 10, version 1607, Windows will not load any new kernel-mode drivers which are not signed by the Dev Portal. To get your driver signed, first Register for the Windows Hardware Dev Center program."
Since we want to have customers use the driver also on Windows Server 2016 potentially, to my understanding (which may be wrong) from the above, attestation signing will not be an option for us, correct? Any way we can go around HLK testing (again, software-only driver, no hardware involved).
Also, in case we do need to test with HLK, what is the criteria according to which it is decided how many dedicated physical client/target machines we need to test on? is it per major Windows version? minor version? something else?
Thanks and have a great weekend!