How to Release-Sign a Driver Package
This section provides the basic steps that you have to follow when you release-sign a driver package. This includes the following:
Obtaining a Software Publisher Certificate (SPC) from a commercial certificate authority (CA).
Release-signing the driver package's catalog file.
Release-signing a driver through an embedded signature. You have to embed a digital signature within the driver if the driver is a boot-start driver.
Each topic in this section describes a separate procedure in the release-signing process, and provides the general information that you have to understand about the procedure. In addition, each topic points you to other topics that provide detailed information about the procedure.
Note This section discusses the steps involved when a driver publisher has to manually release-sign a driver package. The Hardware Certification Kit (HCK) has test categories for a variety of device types. If a test category for the device type is included in this list, the driver publisher should obtain a WHQL release signature for the driver package instead of manually release-signing the driver package.
Throughout this section, separate computers are used for the various processes involved in release-signing a driver. These computers are referred to as follows:
This is the computer that is used to release-sign a driver package for Windows Vista and later versions of Windows. This computer must be running Windows XP SP2 or later versions of Windows. To use the driver signing tools, this computer must have the Windows Vista and later versions of the Windows Driver Kit (WDK) installed.
When discussing the release-signing process, the topics of this section use the ToastPkg sample driver package. Within the WDK installation directory, the ToastPkg driver package is located in the src\general\toaster\toastpkg directory.
This section contains the following topics: