问题
I have created my own mini-filter driver like mini-spy (example from Windows-driver-samples). Now I've completed my driver and signed with our own SHA-1 company certificate. But still it needs Microsoft sign to run in windows 10 machines.
I have searched in internet for signing my driver. But it misleads me. How to sign my driver from Microsoft?
回答1:
Yes, the new signing system for drivers is a massive PITA that makes it very difficult to integrete with CI and properly check. It's also a mess of broken links and outdated information pages, especially if you add in the deprecation of SHA1.
The steps required are:
- Compile your driver
- Sign it with SHA1 certificate, non-EV (it's getting difficult to get these from vendors, but if you have to support older systems, it's a must, since plenty of Windows 7 are not patched enough to support SHA2).
- Sign it again, using SHA2 EV cert (this is the obligatory one)
- Generate a proper .cab file
- Go to this page: https://developer.microsoft.com/en-us/windows/hardware
- Click on Dashboard -> Click on Sign In -> Go for all the steps to actually sign in
- The first time you will have a black collapsable bar to left... that's normal. Ignore it and scroll on the main page and click on Hardware.
- You will need to create an Azure AD directory to continue, which you will probably have to register. This is especially a PITA if you are using the account of your org, which may have other AzureADs and don't want to mix accounts. When the account finally activates (may take a while), it will go again to the Sign In for Azure AD. But when you click it, it will redirect to the previous page, so when you click next, it will redirect to the same page you are....
- Instead of that silly loop, log out and log in with the Azure AD account you just created.... This will redirect to eh partner page instead of the dev one. You can't really go to the dev portal from here (afaik), but you can now ignore this page and go to https://developer.microsoft.com/en-us/windows/hardware directly, when you enter the dashboard it should be using the same session.
- This time you should have CSP on your black bar. Ignore it, and go to hardware again.
- Now you will have to fill even more data, like phone, physical address etc.
- Now you will have to download a file. You will have to sign it with the tool you can also download (it's just the regular signtool). Sign it and upload it.
- Once it's verified, you can click Next.
- You can now enter to the dashboard with actually things in it.
- Now Submit New hardware
- Now just follow the UI, this part is easy: Give it a name, add the .cab, choose the signing, etc etc. You can probably ignore the Distibution part. Depending on the driver you may need to add the hardware test stuff. It takes a few minutes and finally you will have your driver ready to download.
来源:https://stackoverflow.com/questions/52403581/how-to-get-sign-my-mini-filter-driver-for-windows-10-from-microsoft