如何从Microsoft获得用于Windows 10的微型过滤器驱动程序的签名 [英] How to get sign my mini-filter driver for Windows 10 from Microsoft

问题描述

我创建了自己的微型过滤器驱动程序，例如mini-spy(例如 Windows驱动程序示例).现在，我已经完成驱动程序并使用我们自己的SHA-1公司证书签名.但仍然需要Microsoft登录才能在Windows 10计算机上运行.

I have created my own mini-filter driver like mini-spy (example from Windows-driver-samples). Now I've completed my driver and signed with our own SHA-1 company certificate. But still it needs Microsoft sign to run in windows 10 machines.

我在互联网上搜索了签署我的司机的信息.但这误导了我.如何从Microsoft签署我的驱动程序?

I have searched in internet for signing my driver. But it misleads me. How to sign my driver from Microsoft?

推荐答案

是的，新的驱动程序签名系统是一个庞大的PITA，这使得很难与CI集成并进行正确检查.这也造成了混乱的链接和过时的信息页面，特别是如果添加了SHA1弃用的话.

Yes, the new signing system for drivers is a massive PITA that makes it very difficult to integrete with CI and properly check. It's also a mess of broken links and outdated information pages, especially if you add in the deprecation of SHA1.

所需步骤为:

• 编译驱动程序
• 使用非EV SHA1证书进行签名(很难从供应商处获得证书，但是如果您必须支持较旧的系统，则必须这样做，因为许多Windows 7的补丁不足以支持SHA2)./li>
• 使用SHA2 EV证书再次签名(这是强制性的)
• 生成正确的.cab文件
• 转到此页: https://developer.microsoft.com/zh-我们/windows/硬件
• 单击仪表板->单击登录->进行所有实际登录步骤
• 第一次，您会在左边留下一个黑色的可折叠栏...这很正常.忽略它并在主页上滚动，然后单击硬件".
• 您将需要创建一个Azure AD目录才能继续，您可能必须注册该目录.如果您正在使用组织的帐户(可能有其他AzureAD并且不想混合帐户)，则这尤其是PITA.帐户最终激活后(可能需要一段时间)，它将再次转到登录Azure AD.但是，当您单击它时，它将重定向到上一页，因此，当您单击下一步时，它将重定向到您所在的同一页面.
• 注销并使用您刚刚创建的Azure AD帐户登录....这将重定向到eh合作伙伴页面，而不是开发人员页面.您实际上不能从这里(afaik)进入开发门户，但是现在可以忽略此页面并转到 https://developer.microsoft.com/zh-cn/windows/hardware 直接，当您进入仪表板时，它应该使用相同的会话.
• 这一次您应该在黑条上有CSP.忽略它，然后再次转到硬件.
• 现在您将不得不填写更多数据，例如电话，实际地址等.
• 现在，您将必须下载文件.您将不得不使用还可以下载的工具对其进行签名(这只是常规的signtool).签名并上传.
• 通过验证后，您可以单击下一步".
• 您现在可以进入其中包含实际内容的仪表板.

• Compile your driver
• Sign it with SHA1 certificate, non-EV (it's getting difficult to get these from vendors, but if you have to support older systems, it's a must, since plenty of Windows 7 are not patched enough to support SHA2).
• Sign it again, using SHA2 EV cert (this is the obligatory one)
• Generate a proper .cab file
• Go to this page: https://developer.microsoft.com/en-us/windows/hardware
• Click on Dashboard -> Click on Sign In -> Go for all the steps to actually sign in
• The first time you will have a black collapsable bar to left... that's normal. Ignore it and scroll on the main page and click on Hardware.
• You will need to create an Azure AD directory to continue, which you will probably have to register. This is especially a PITA if you are using the account of your org, which may have other AzureADs and don't want to mix accounts. When the account finally activates (may take a while), it will go again to the Sign In for Azure AD. But when you click it, it will redirect to the previous page, so when you click next, it will redirect to the same page you are....
• Instead of that silly loop, log out and log in with the Azure AD account you just created.... This will redirect to eh partner page instead of the dev one. You can't really go to the dev portal from here (afaik), but you can now ignore this page and go to https://developer.microsoft.com/en-us/windows/hardware directly, when you enter the dashboard it should be using the same session.
• This time you should have CSP on your black bar. Ignore it, and go to hardware again.
• Now you will have to fill even more data, like phone, physical address etc.
• Now you will have to download a file. You will have to sign it with the tool you can also download (it's just the regular signtool). Sign it and upload it.
• Once it's verified, you can click Next.
• You can now enter to the dashboard with actually things in it.

• 现在提交新硬件
• 现在只需遵循UI，这部分就很简单:为其命名，添加.cab，选择签名等.您可能可以忽略Distibution部分.根据驱动程序，您可能需要添加硬件测试内容.几分钟后，您终于可以下载驱动程序了.

这篇关于如何从Microsoft获得用于Windows 10的微型过滤器驱动程序的签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！