Re: Windows driver signing certificate purchase decision for WinPcap and Npcap

[Pascal Quantin <pascal.quantin () gmail com>]

Hi all,

in my company we just received the following email from Symantec indicating
that the EV signing will soon be mandatory:

"On October 27, 2015, all new Kernel and User Mode driver submissions will
need to be made via the Windows Hardware Developer Center Dashboard portal
and signed by an Extended Validation (EV) code signing certificate. The EV
code signing certificate requirement is to ensure that publisher private
signing keys are stored securely on hardware tokens and organizations
undergo a comprehensive and thorough authentication process. These EV code
signing features increase the integrity of software assets that run on
Windows 10 Operating System.

Please note that these requirements are specific to the Windows 10 launch.
Drivers that were signed and running on older versions of Windows will not
require EV code signing. These drivers will pass signing checks to enable
backward compatibility.

An EV code signing certificate enables you to perform all Microsoft driver
signings regardless of which release it is, whereas a standard code signing
certificate may limit your options."

Best regards,
Pascal.

2015-08-03 10:17 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

> FYI, the result turns out to be that the old non-EV cert can be used to
> sign a driver that is used for Win10 after Win10 RTM release. I built Npcap
> 0.03 r3 today and tested it against Win10 RTM x64, and it installs
> successfully and runs well. It's a pity that I didn't buy a 3-year cert,
> but the good new is that I can still use this old one for future releases.
>
>
> Cheers,
> Yang
>
> On Wed, Jul 22, 2015 at 3:06 PM, Graham Bloice <
> graham.bloice () trihedral com> wrote:
>
> > On 22 July 2015 at 07:59, Yang Luo <hsluoyb () gmail com> wrote:
> >
> > > Hi,
> > >
> > > I have found this link:
> > > https://www.osr.com/blog/2015/03/18/microsoft-signatures-required-km-drivers-windows-10/,
> > > in which it says: "*These requirements only apply to Windows 10 and
> > > later.  In fact, Microsoft plans to offer a bit of a grace period: Drivers
> > > signed before Windows 10 RTM will be able to use the older signing
> > > mechanisms.  But once Windows 10 ships, if you want your driver to run on
> > > Windows 10 desktop systems, you’ll need to (a) get an EV certificate, (b)
> > > using that signature submit your driver to sysdev to get Microsoft’s
> > > signature.*"
> > >
> > > So unfortunately, I think an EV cert has become a necessity for us to
> > > sign a driver for Win10 after Win10 RTM release date.
> > >
> > > Cheers,
> > > Yang
> > That's quite an old blog entry (March)  and from a 3rd party, although
> > OSR are a well respected company in the driver world.
> >
> >
> > --
> > Graham Bloice
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> > ?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe