Signing the drivers
How to sign the drivers for using it on Windows 7 and later?
The drivers must be signed using Microsoft Dev Portal. The old approach with cross-certificates doesn't work anymore.
To sign a driver:
- Get a EV code signing certificate.
- Register on
Dev Portal:
https://developer.microsoft.com/dashboard
- Prepare .cab archive with the driver and some inf file.
- Upload and
sign the cab on the portal using attestation signing.
To prepare the cab files required for signing via Microsoft Dev Portal it is possible to use this set of scripts:
http://netfiltersdk.com/download/dist_sign.zip
Note that Certificate Authorities currently sell certificates signed with SHA-2 algorithm. Old versions of Windows 7, including SP1 without updates, support only SHA-1. So it is necessary to require installation of all Windows updates on Windows 7, or at least the required update:
https://docs.microsoft.com/en-us/security-updates/securityadvisories/2015/3033929