Wireshark-dev: Re: [Wireshark-dev] Windows driver signing certificate purchase decision for Win

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Thu, 1 Oct 2015 13:33:42 +0200
Hi all,

in my company we just received the following email from Symantec indicating that the EV signing will soon be mandatory:

"On October 27, 2015, all new Kernel and User Mode driver submissions will need to be made via the Windows Hardware Developer Center Dashboard portal and signed by an Extended Validation (EV) code signing certificate. The EV code signing certificate requirement is to ensure that publisher private signing keys are stored securely on hardware tokens and organizations undergo a comprehensive and thorough authentication process. These EV code signing features increase the integrity of software assets that run on Windows 10 Operating System.

Please note that these requirements are specific to the Windows 10 launch. Drivers that were signed and running on older versions of Windows will not require EV code signing. These drivers will pass signing checks to enable backward compatibility.

An EV code signing certificate enables you to perform all Microsoft driver signings regardless of which release it is, whereas a standard code signing certificate may limit your options."

Best regards,
Pascal.

2015-08-03 10:17 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:

FYI, the result turns out to be that the old non-EV cert can be used to sign a driver that is used for Win10 after Win10 RTM release. I built Npcap 0.03 r3 today and tested it against Win10 RTM x64, and it installs successfully and runs well. It's a pity that I didn't buy a 3-year cert, but the good news is that I can still use this old one for future releases.


Cheers,
Yang

On Wed, Jul 22, 2015 at 3:06 PM, Graham Bloice <graham.bloice@xxxxxxxxxxxxx> wrote:


On 22 July 2015 at 07:59, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
Hi,

I have found this link: https://www.osr.com/blog/2015/03/18/microsoft-signatures-required-km-drivers-windows-10/, in which it says: "These requirements only apply to Windows 10 and later.  In fact, Microsoft plans to offer a bit of a grace period: Drivers signed before Windows 10 RTM will be able to use the older signing mechanisms.  But once Windows 10 ships, if you want your driver to run on Windows 10 desktop systems, you’ll need to (a) get an EV certificate, (b) using that signature submit your driver to sysdev to get Microsoft’s signature."

So unfortunately, I think an EV cert has become a necessity for us to sign a driver for Win10 after Win10 RTM release date.

Cheers,
Yang



That's quite an old blog entry (March) and from a 3rd party, although OSR are a well respected company in the driver world.


--
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

