Digital Signatures and PnP Device Installation (Windows Server 2003, Windows XP, and Windows 2000)
Plug and Play (PnP) device installation uses the digital signature of a driver package's catalog file to verify the identity of the publisher of the driver package and to determine whether the driver package was altered after it was published. PnP device installation supports the following types of signature types that can be used for drivers that are released to the general public. Such signatures are collectively referred to as release signatures.
WHQL release signatures that are generated by the Windows Hardware Quality Labs (WHQL). The Hardware Certification Kit (HCK) has test categories for a variety of device types. If a test category for the device type is included in this list, you should obtain a WHQL release signature.Note If you plan to install your digitally-signed driver package on Windows Server 2003, Windows XP, or Windows 2000, the INF file from your driver package must use a device setup class that is defined in %SystemRoot%/inf/Certclas.inf. Otherwise, Windows treats the driver package as unsigned.
For information about how PnP device installation handles WHQL release signatures, see Using WHQL Release Signatures to Authenticate Drivers (Windows Server 2003, Windows XP, and Windows 2000).
(Windows Server 2003 and Windows XP x64 Edition) Third-party release signatures that are generated by using a commercial release certificate that is obtained from a certification authority (CA) that is a member of the Microsoft Root Certificate Program.
For information about how Windows handles third-party release signatures, see Using Third-Party Release Signatures to Authenticate Drivers (Windows Server 2003 and Windows XP x64 Edition).
Drivers do not have to be signed during development and test prior to obtaining a WHQL release signature or prior to release-signing with a commercial release certificate. The action that PnP device installation takes to verify a driver signature is the same whether the driver is signed for public release or signed prior to release during the development and test phase.