Changes between Version 2 and Version 3 of libwdi/signed_driver_walkthrough

Timestamp:

02/08/11 12:21:14 (2 years ago)

Author:

pbatard

Comment:

--

libwdi/signed_driver_walkthrough

@@ -7 +7 @@
 == Prerequisites ==
 
- 1. A set of driver binaries, along with a static inf file matching the devices you plan to support (autogenerated inf from libwdi will not work as they would need to be signed on the fly, meaning that the private key used for signing would no longer be private)
- 1. A valid driver signing certificate.
- 1. The latest source of libwdi and one of the supported libwdi development environments
- 1. The latest WDK
+ 1. A set of driver binaries, along with a static inf file matching the devices you plan to support (the inf that libwdi generates cannot work, as it would then need to be signed on the fly, meaning that that you would have to embed the private key used for signing in your application, with is not something you should ever do)
+ 1. A valid driver signing certificate (see "Obtaining a driver signing certificate")
+ 1. The latest libwdi source, and one of the supported libwdi development environments. Since you will also need the latest WDK below, it might be a good idea to use it as your development environment
+ 1. The [http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff latest WDK]
 
-For the purpose of this exercise, I will be using the OpenOCD libusb-win32_ft2232_driver files as well as driver signing credentials obtained from GlobalSign [TODO: detail the files obtained]
+For the purpose of this exercise, I will be using the OpenOCD libusb-win32_ft2232_driver files as well as driver signing credentials obtained from GlobalSign [TODO: detail the files obtained], and the development environment with be WDK 7.0.0.
 
 == Obtaining a driver signing certificate ==
 
-To be able to digital sign drivers, you need a Microsoft Authenticode code signing certificate.
+To be able to digitally sign a Windows driver, you need a Microsoft Authenticode code signing credential. A credential consists of a public key, embedded in a public certificate, containing your trusted third party verified information, as well as the matching private key, which is used to encrypt to be decrypted using the public key.
 
-Most of the driver signing credentials I am aware of seem to originate either from [http://www.verisign.com/ VeriSign] or [http://www.globalsign.com/ GlobalSign]. There are probably other Certification Authorities providing these services, but these are the two that would be the most commonly used. Note that driver signing certificates can only be delivered to registered companies, which the Certification Authority will check, so individual users cannot purchase driver signing certificate (although this may have changed).
+Most of the driver signing credentials I am aware of seem to originate either from [http://www.verisign.com/ VeriSign] or [http://www.globalsign.com/ GlobalSign]. This does not mean that they are the only Certification Authorities providing these services, but they are the two that appear to be most commonly used.
+
+An important point to be aware of is that that driver signing certificates can only be delivered to registered companies, which the Certification Authority will check, therefore individual users, who don't have their own registered company, cannot usually purchase driver signing certificate. Of course, you can check with the Certification Authority to find out what their delivery requirements are.
 
 '''Verisign'''
@@ -26 +28 @@
 '''Globalsign'''
 * More expensive the first year, but cheaper in the long run: $229/year
-* More non-US friendly
+* More friendly to non-US based customers
 
-From the date of registration, delivery of your certificate can take from a few days, to a few weeks, so bear that in mind.
+From the date of registration, delivery of your certificate can take from a few days, to a few weeks.
 
 == Signing the driver binaries ==