Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 4  
11 Jun 18 02:37
Jhon Doe
xxxxxx@gmail.com
Join Date: 22 May 2018
Posts To This List: 4
HLK Tests and EV certificate

Hi all, I currently have the following flow working : 1. Sign my binaries with the organization's certificate (specifically, EV certificate). 2. Run HLK tests on signed binaries 3. Create HLK project with HLK results and signed binaries, sign the package, and submit it to microsoft. 4. Get binaries signed with microsoft What I would like to know, is whether I can perform the tests, on binaries that are self signed with self created cross certificates (using makecert). And then in step 2, use those HLK results, along with the *Real "organization signed" binaries". That is, does microsoft only check that the underlining driver is the same between the HLK results and the submitted drivers is the same ? Or do they check that those are the same binaries *exactly* (including the signature). The reason that I am even asking, is that our signing machine is in a different networks. And in order to get back signed drivers into the network with the HLK it takes another "round" of bringing files back and forth, which I would be happy if we can do without. Thanks
  Message 2 of 4  
11 Jun 18 02:52
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 12023
HLK Tests and EV certificate

On Jun 10, 2018, at 11:36 PM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote: > > What I would like to know, is whether I can perform the tests, on binaries that are self signed with self created cross certificates (using makecert). And then in step 2, use those HLK results, along with the *Real "organization signed" binaries". > > That is, does microsoft only check that the underlining driver is the same between the HLK results and the submitted drivers is the same ? Or do they check that those are the same binaries *exactly* (including the signature). In theory, the certificates are not included in the PE file checksum, and I believe that's what HLK uses to validate it is the same driver you tested. It is not strictly necessary to sign the binaries you send to the dashboard. You have to sign the HLK results, but WHQL is going to sign your binaries, create a new CAT, and sign that. ??? Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
  Message 3 of 4  
11 Jun 18 12:14
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6254
List Moderator
HLK Tests and EV certificate

What Mr. Robert's said is entirely correct. You *only* need the EV cert to prove who you are for your dashboard account. You can then use either that EV cert, or a non-EV cert (that you have ALSO registered with the dashboard) to sign submissions. As Mr. Roberts said, you *can* use your EV cert to sign your binaries... and there's really no reason not to. Peter OSR @OSRDrivers
  Message 4 of 4  
11 Jun 18 23:23
R0b0t1
xxxxxx@gmail.com
Join Date: 24 Mar 2017
Posts To This List: 127
HLK Tests and EV certificate

On Mon, Jun 11, 2018 at 11:14 AM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote: > What Mr. Robert's said is entirely correct. > > You *only* need the EV cert to prove who you are for your dashboard account. You can then use either that EV cert, or a non-EV cert (that you have ALSO registered with the dashboard) to sign submissions. > > As Mr. Roberts said, you *can* use your EV cert to sign your binaries... and there's really no reason not to. > It's probably easier to revoke your non-EV certificate in the case the certificate is compromised.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 19:44.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license