Re: We now have an EV code signing certificate!

[Graham Bloice <graham.bloice () trihedral com>]

On 24 July 2015 at 21:24, Gerald Combs <gerald () wireshark org> wrote:

> Our (the Wireshark Foundation's) EV code signing certificate + token
> arrived today. I have successfully configured the token and used it to sign
> an executable.

Lots of new information here (
https://www.osr.com/blog/2015/07/24/questions-answers-windows-10-driver-signing/)
about the new driver signing (attestation) requirements.

Things I noted:

   1. Only EV certs from Digicert and Symantec are currently supported,
   Globalsign and Wosign are coming.  Where's ours from Gerald?
   2. It still looks like drivers can be cross-signed by the old MS certs
   if they were issued before Win 10 RTM, although this can be disabled by OS
   config changes.  Better grab one now for our EV cert.
   3. You must build a .cab file with the driver and a .INF (even if it's
   just a dummy) to submit.  Only one architecture (x86, x64) per .cab
   4. The new "attestation" signing is not currently supported by the REST
   API's, i.e. no programmatic signing yet.
   5. You can only "attest" sign a driver for Win 10.  Drivers for earlier
   OS's don't need attest signing, so a "universal" installer will have to
   include both pre-Win10 and Win10 packages.
   6. Server vnext will only support drivers that have been signed *and*
   passed the HLK tests.


-- 

Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe