The process is documented here, just make sure you look at the Windows 10 link in the WHQL section because the rest of it routes you to a regular code signing cert but the windows 10 section notes that you need an EV certificate and gets you to the start point for the rest of the process. https://docs.microsoft.com/en-us/windows-hardware/drivers/develop/signing-a-driver-for-public-release Justin On Aug 16, 2017, at 15:21, Jim Brain <brain@jbrain.com <mailto:brain@jbrain.com> > wrote: I am already a sole proprietorship (dba, with US Tax ID). Are there documents or forms you can send to me to get this started (and see if I need to create an LLC just ot be considered)? I think it would be best to create a code signing cert just to remove the concerns. Jim > On August 16, 2017 at 2:55 PM Justin <shadow@darksideresearch.com <mailto:shadow@darksideresearch.com> > wrote: > > > On Aug 16, 2017, at 2:32 PM, Spiro Trikaliotis <ml-cbmhackers@trikaliotis.net <mailto:ml-cbmhackers@trikaliotis.net> > wrote: > > > > Hello Jim, > > > > * On Wed, Aug 16, 2017 at 08:12:43AM -0500 Jim Brain wrote: > >> On 8/16/2017 3:12 AM, smf wrote: > >> > >> > >>> On 15/08/2017 20:54, Spiro Trikaliotis wrote: > >>> > >>> we will not be able to > >>> > >>> create a valid signature anymore. Windows will be completely left out. > >>> > >>> At least, this was the state when I last checked the Windows 10 signature. > >>> > >>> Is that a problem that can be solved with money? > > > > Partially yes, but not only. > > > > The problem is: Last time I checked, an individual could not get the > > proper certificate. You had to have a company running in order to get > > it. > > For Windows 10 you to need to have an extended validation code signing certificate which would normally be issued to a company. Digicert sells EV certificates for $224/year for example - including a hardware token for storing the key and certificate. You can then register with the Microsoft hardware developer program after you create a (free) Azure AD account. Creating an LLC in many states can be done line in maybe 5 minutes and for a fee of about $100. If you jump through these hoops one of the nicer features is that your WHQL driver would be loaded automagically from Microsoft on connection of the hardware, and you could push driver updates through Windows update, which would be a pretty nice customer experience. Having someone in the community who can sign drivers would enable a much improved user experience for everyone. > > >> I offered to buy the proper cert, and I think Nate may have offered help as > >> well. > > > > I am sorry: You are right, I totally forgot about this offer! > > > > At the moment, I do not think we actually need it, but it might become > > necessary in the future. > > I don’t have a zoomfloppy so big grain of salt here, but I won’t install unsigned drivers in anything other than a VM and even then I hesitate since Xen is a client escape vulnerability train wreck. Apple is also tightening the screws further soon - beyond just requiring kexts to be signed. > > Justin Message was sent through the cbm-hackers mailing list Message was sent through the cbm-hackers mailing listReceived on 2017-08-16 20:04:02
Archive generated by hypermail 2.2.0.