Submit binaries to be retail signed
This topic reviews the overall steps required to retail sign binary files that will be included in a retail image. All files that ship with a Windows 10 Mobile device must be signed with Microsoft retail certificates. If any required files are not signed with a Microsoft retail certificate, a "Not For Resale" message is displayed during the boot-up sequence.
Microsoft also signs all requests for updates before they are available to devices, using the same tools and a very similar process.
The overall signing process includes the following steps:
The OEM creates a retail image that contains binaries and packages that have been properly test signed with certificates provided by Microsoft. For more info, see Code signing.
The OEM creates and submits a code signing submission by using the OEM ingestion tool. For more info about this tool, see Submitting the binaries to Microsoft later in this topic.
Microsoft ingests, validates, and re-signs the submission with retail certificates. For more info how to use the Ingestion Client, see Ingestion Client.
After Microsoft signs the binaries with retail certificates, the OEM can securely download the signed binaries and add them to the retail image.
Preparing the binaries for submission
Use the ingestion client to prepare packages for submission to Microsoft for signing. The following items are required for each submission:
Properly prepared retail packages. Packages with the release type attribute of Test cannot be used in a retail image. For more info about packages, see Creating packages.
A targeting information package that has the required metadata.
Verify that the other requirements have been met.
Access to the completed retail build output.
For more info how to use the Ingestion Client, see Ingestion Client.
Submit the binaries to Microsoft
When a device is ready for manufacturing, the OEM must use the OEM ingestion client to submit every OEM-owned package included in the shipping device to Microsoft for retail signing.
After the ingestion client is installed, the ingestion client cmdlets are used to prepare and submit the binary files to Microsoft for signing. The following is a summary of the process used.
Test sign the binaries properly. For more info, see Code signing. The retail signing process examines the files and uses the type of test certificate that was used for test signing to control the final retail signing.
Build an image that includes the retail files that you want to be retail signed. For more info, see Windows Imaging and Configuration Designer.
Flash the test signed image to a phone and verify that it behaves as expected. For more info, see Windows Imaging and Configuration Designer. If any changes are required to the test signed image, rebuild the entire image as described in the previous step.
Create a zip file for submission using build output files such as UpdateHistory.xml.
Submit the files to Microsoft to be signed . When the files are sent to be signed, a ticket number is returned that will be used in the next step.
Note
Record the ticket number that is returned and information associated with this build, such as the firmware version. The ticket number will be used in the future when creating updates for this retail image.
Retrieve the signed files using the ticket number.
Important
Secure the retail signed binaries using industry best practices.
Unzip the returned file that contains the signed packages. Replace the existing packages with the signed ones in the retail image.
Rebuild the final retail image. For more information, see Windows Imaging and Configuration Designer.
Send the retail image catalog (.cat file) to Microsoft for retail signing.
Flash the final retail image to the phone. For more info, see Windows Imaging and Configuration Designer.
Verify that the retail image behaves as expected. Confirm that all driver and applications load, and that the performance of the signed image is as expected.
Related topics