8-bit Knowledge Base

      • What is the difference between release signing a driver and HCK/WHQL?

        Silicon_Labs | 05/149/2013 | 08:09 PM


        What is the difference between release signing a driver and HCK/WHQL?




        Driver Signing and Certificates

        Silicon Labs provides several drivers that have passed the Microsoft HCK (previously known as WHQL) process. At the end of this testing process, Microsoft signs the driver release with their own certificate to indicate that the driver has passed testing. If the user customizes a stock Silicon Labs driver, for example, by modifying the Vendor ID and Product ID in the driver INF file, then the driver signature is no longer valid, and the result is that the driver is 'unsigned'. Different versions of Windows will treat unsigned drivers differently. On most 32-bit versions, Windows will warn the user and allow them to install an unsigned driver. On newer versions of Windows and most 64-bit versions, the OS will not allow unsigned drivers to be installed at all.



        Release Signing

        Perhaps the easiest method to sign a driver release is to 'release sign' the driver using a software publisher certificate (SPC) issued by a Microsoft approved Certificate Authority (CA) such as Verisign. In this method, the developer purchases an SPC from a CA and uses this certificate and Microsoft's signing tools to digitally sign the driver release. When end-users install a release signed driver, they will see a prompt asking them to allow installation of a driver from the SPC owner.



        Windows Logo Certification (HCK)

        In order to get full Windows driver logo certification, the driver must be subject to testing and approval by Microsoft. A driver will be tested and signed for specific versions of Windows. After passing the logo testing, the driver will be signed by Microsoft, which will allow the driver to be installed on the specific versions of Windows without any warnings or certificate prompts. Windows logo certification is the highest form of driver signing and has many benefits over simply release signing a driver. See a comparison below.



        Release Signing Advantages

        • Less expensive than Windows Logo Certification, costs include:

          • Yearly cost of a software publisher certificate (SPC)
        • Release signing can be completed by a single party, the owner of the SPC being used to release sign the driver.



        Release Signing Disadvantages

        • Requires several Windows tools and is an involved process.
        • For quiet driver installs, the SPC public certificate must be installed on the end-user machine prior to running the driver installer.
        • Driver installs on Windows XP may display a warning stating that the driver has not passed Windows Logo Certification.



        Windows Logo (HCK/WHQL) Signing Advantages

        • Devices that pass the HCK/WHQL process are eligible to use the Windows logo and marketing text.
        • Windows XP driver installations won’t display a warning indicating that the device driver has not passed logo certification.
        • Driver catalog is signed by WHQL (Microsoft) rather than a third party company.



        Windows Logo (HCK/WHQL) Signing Disadvantages

        • More expensive, costs include:

          • Yearly cost of a software publisher certificate (SPC)
          • Cost of HCK/WHQL process charged by Microsoft for operating systems (OS) being certified
        • Three parties are involved in the WHQL process:

          • Microsoft
          • Silicon Labs
          • Silicon Labs customer reselling Silicon Labs devices




        Kernel-Mode Code Signing Walkthrough

        Driver Signing Requirements for Windows

        Digital Signatures for Kernel Modules on Windows

        Windows Software Development Kit (SDK) for Windows 8

        Windows Driver Kit (WDK)

        Cross-Certificates for Kernel Mode Code Signing

      • Where can I get Help with WHQL, Driver Signing, and DPInst?

        Silicon_Labs | 05/137/2013 | 05:07 PM


        Where can I get Help with WHQL, Driver Signing, and DPInst?



        Several steps in the process of creating a customized driver are owned and supported by 3rd parties. Below are links to documentation and support that may be helpful if problems are encountered during that process. 


        Microsoft support can answer questions on the WHQL process, WHQL pricing, and the sysdev.microsoft.com web interface. They can be contacted by emailing support@sysdev.microsoft.com.


        Signatures and Certificates:

        Help with VeriSign certificates can be obtained through either VeriSign or Symantec depending on which the certificate was purchased from.




        Support for DPInst is provide by Microsoft and can be found

        The primary documentation for DPInst is located here: