8-bit Knowledge Base

    Publish
     
      • What is the difference between release signing a driver and HCK/WHQL?

        Silicon_Labs | 05/149/2013 | 08:09 PM
        Question

         

        What is the difference between release signing a driver and HCK/WHQL?




        Answer

         

         

        Driver Signing and Certificates

        Silicon Labs provides several drivers that have passed the Microsoft HCK (previously known as WHQL) process. At the end of this testing process, Microsoft signs the driver release with their own certificate to indicate that the driver has passed testing. If the user customizes a stock Silicon Labs driver, for example, by modifying the Vendor ID and Product ID in the driver INF file, then the driver signature is no longer valid, and the result is that the driver is 'unsigned'. Different versions of Windows will treat unsigned drivers differently. On most 32-bit versions, Windows will warn the user and allow them to install an unsigned driver. On newer versions of Windows and most 64-bit versions, the OS will not allow unsigned drivers to be installed at all.

         


         

        Release Signing

        Perhaps the easiest method to sign a driver release is to 'release sign' the driver using a software publisher certificate (SPC) issued by a Microsoft approved Certificate Authority (CA) such as Verisign. In this method, the developer purchases an SPC from a CA and uses this certificate and Microsoft's signing tools to digitally sign the driver release. When end-users install a release signed driver, they will see a prompt asking them to allow installation of a driver from the SPC owner.

         


         

        Windows Logo Certification (HCK)

        In order to get full Windows driver logo certification, the driver must be subject to testing and approval by Microsoft. A driver will be tested and signed for specific versions of Windows. After passing the logo testing, the driver will be signed by Microsoft, which will allow the driver to be installed on the specific versions of Windows without any warnings or certificate prompts. Windows logo certification is the highest form of driver signing and has many benefits over simply release signing a driver. See a comparison below.

         


         

        Release Signing Advantages



        • Less expensive than Windows Logo Certification, costs include:

          • Yearly cost of a software publisher certificate (SPC)
        • Release signing can be completed by a single party, the owner of the SPC being used to release sign the driver.

         


         

        Release Signing Disadvantages



        • Requires several Windows tools and is an involved process.
        • For quiet driver installs, the SPC public certificate must be installed on the end-user machine prior to running the driver installer.
        • Driver installs on Windows XP may display a warning stating that the driver has not passed Windows Logo Certification.

         


         

        Windows Logo (HCK/WHQL) Signing Advantages



        • Devices that pass the HCK/WHQL process are eligible to use the Windows logo and marketing text.
        • Windows XP driver installations won’t display a warning indicating that the device driver has not passed logo certification.
        • Driver catalog is signed by WHQL (Microsoft) rather than a third party company.

         


         

        Windows Logo (HCK/WHQL) Signing Disadvantages



        • More expensive, costs include:

          • Yearly cost of a software publisher certificate (SPC)
          • Cost of HCK/WHQL process charged by Microsoft for operating systems (OS) being certified
        • Three parties are involved in the WHQL process:

          • Microsoft
          • Silicon Labs
          • Silicon Labs customer reselling Silicon Labs devices

         


         

        References

        Kernel-Mode Code Signing Walkthrough
        http://msdn.microsoft.com/en-US/library/windows/hardware/gg487328

        Driver Signing Requirements for Windows
        http://msdn.microsoft.com/library/windows/hardware/gg487317

        Digital Signatures for Kernel Modules on Windows
        http://msdn.microsoft.com/en-us/windows/hardware/gg487332.aspx

        Windows Software Development Kit (SDK) for Windows 8
        http://msdn.microsoft.com/en-us/windows/desktop/hh852363.aspx

        Windows Driver Kit (WDK)
        http://msdn.microsoft.com/en-us/library/windows/hardware/gg487428.aspx

        Cross-Certificates for Kernel Mode Code Signing
        http://msdn.microsoft.com/en-us/library/windows/hardware/gg487315.aspx



      • Where can I get Help with WHQL, Driver Signing, and DPInst?

        Silicon_Labs | 05/137/2013 | 05:07 PM
        Question

         


        Where can I get Help with WHQL, Driver Signing, and DPInst?




        Answer

         


        Several steps in the process of creating a customized driver are owned and supported by 3rd parties. Below are links to documentation and support that may be helpful if problems are encountered during that process. 


        WHQL:


        Microsoft support can answer questions on the WHQL process, WHQL pricing, and the sysdev.microsoft.com web interface. They can be contacted by emailing support@sysdev.microsoft.com.


         


        Signatures and Certificates:


        Help with VeriSign certificates can be obtained through either VeriSign or Symantec depending on which the certificate was purchased from.


        http://www.verisign.com/support/index.html?tid=gnps


        http://www.symantec.com/support/contact_techsupp_static.jsp


        DPInst:


        Support for DPInst is provide by Microsoft and can be found


        The primary documentation for DPInst is located here:


        http://msdn.microsoft.com/en-us/library/windows/hardware/ff544842(v=vs.85).aspx