How to Release-Sign a Driver Package
This section provides the basic steps that you have to follow when you release-sign a driver package. This includes the following:
Obtaining a Software Publisher Certificate (SPC) from a commercial certificate authority (CA).
Release-signing a driver binary through an embedded signature. You have to embed a digital signature within the driver binary if the driver binary is a boot-start driver.
Preparing a driver package for release-signing. This includes creating a catalog file, which contains the digital signature for the driver package.
Release-signing the driver package's catalog file.
Each topic in this section describes a separate procedure in the release-signing process, and provides the general information that you have to understand about the procedure. In addition, each topic points you to other topics that provide detailed information about the procedure.
Note This section discusses the steps involved when a driver package publisher has to manually release-sign a driver package. The Hardware Certification Kit (HCK) has test categories for a variety of device types. If a test category for the device type is included in this list, the driver publisher should obtain a WHQL release signature for the driver package instead of manually release-signing the driver package.
Throughout this section, separate computers are used for the various processes involved in release-signing a driver package. These computers are referred to as follows:
Signing computer
This is the computer that is used to release-sign a driver package for Windows Vista and later versions of Windows. This computer must be running Windows XP SP2 or later versions of Windows. To use the driver signing tools, this computer must have the Windows Vista and later versions of the Windows Driver Kit (WDK) installed.
Test computer
This is the computer that is used to install and test the release-signed driver package. This computer must be running Windows Vista or later versions of Windows.
When discussing the release-signing process, the topics of this section use the ToastPkg sample driver package. Within the WDK installation directory, the ToastPkg driver package is located in the src\general\toaster\toastpkg directory.
This section contains the following topics:
Obtaining a Software Publisher Certificate (SPC)
Creating a Catalog File for Release-Signing a Driver Package
Release-Signing a Driver Package's Catalog File
Release-Signing a Driver Through an Embedded Signature
Verifying the Release-Signature
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for