Solution:
Much of the information in this article was drawn from the Summary of Windows Kernel-mode Driver Signing Requirements article that can be found on the Microsoft web site at:
http://www.microsoft.com/whdc/winlogo/drvsign/drvsign_perOS.mspx.
The WHQL (Windows Hardware Quality Labs) driver signing process involves a driver qualification process followed by a submission to Microsoft. In addition to allowing the user to insure the validity of the driver source, this process is aimed at guaranteeing a positive experience with the driver. The qualification process involves a rigorous series of steps that test the driver’s interaction with a variety of standard operating system events. The goal of this process is to make sure that the driver will behave when integrated with the rest of the Operating System.
The signing process differs amongst the various operating systems. As such, users can expect to find a variety of different versions of the signed driver included with software distributions. Each of these drivers will consist of 3 components:
- The driver (.sys) file
- The driver information file (.inf) file
- The security catalog file (.cat) file
Driver signing requirements are dependent on the version of the operating system in question. Older versions of Windows made it possible to effectively work around these requirements. Although there are still configurations under which it is possible to get unsigned drivers to work with the latest generation of Windows, WHQL signing has effectively become a requirement.
The following table outlines the driver signing requirements:
|
Windows Operating System |
Unsigned
No signing process performed.
Priority 0 (lowest) |
Self-signed
Signed with a manually generated certificate.
Priority 1 |
Authenticode-signed
Signed with a certificate that was purchased from a known entity such as Verisign.
Priority 2 |
WHQL-signed
Signed by Microsoft.
Priority 3 (highest) |
|
2000 |
All Users: Warning issued before installing |
All Users: Warning issued before installing |
All Users: Warning issued before installing |
All Users: Clean install |
|
XP x86 |
All Users: Warning issued before installing |
All Users: Warning issued before installing |
All Users: Warning issued before installing |
All Users: Clean install |
|
XP x64
and
2003 Server |
All Users: Warning issued before installing |
All Users: Warning issued before installing |
All Users: Will install based on trust level and administrative settings. |
All Users: Clean install |
|
Vista x86 |
Normal Users: Cannot install
Administrator: Warning issued before installing. |
Normal Users: Cannot install
Administrator: Warning issued before installing. |
All Users: Will install based on trust level and administrative settings. |
All Users: Clean install |
|
Vista x64 |
All Users: Will only load on designated test machines. |
All Users: Will only load on designated test machines. |
All Users: Will install based on trust level and administrative settings. |
All Users: Clean install |
Which driver will be installed?
The decision process executed by the operating system when trying to decide between two drivers that are both compatible with the same device is not illustrated in the table above. The decision process can be summarized as follows:
- Select the driver that meets the highest priority class
- If the priority classes are the same, select a driver which explicitly names the device in the driver information file over one which uses a generic hardware identifier.
The details of this process are important to note because the installation of the wrong driver can result in a non-functional system.