Driver signing

I am more than a bit confused by code signing, especially as it relates to MS’s 64-bit driver signing requirements for Vista.

Is a Comodo certificate adequate for this? If so, where and how does one obtain MS’s “cross-certificate” for Comodo?

If not, is this something Comodo will be offering soon?

Thanks in advance for any light shed on the subject…

We’ll check with Microsoft and come back to you on this.

We haven’t forgotten this - still knock, knock, knocking on Bill’s door.

He only thinks he’s God, Paulo, he doesn’t actually live there. :wink:

(I’m trying hard to avoid a thread hijack, but you just reminded me of the old Bill Gates joke

Besides, if Bill really were God, we’d have a SMITE key on our keyboards and the START button would be labelled “In the Beginning …” :smiley:

My applications already failed to work on Windows Vista RC1 , because of Driver Module Signing Enforcement by Microsoft. It uses a Filtered File System that must be loaded as a Driver. Its not a surprize that you have confused ADS as I am a littel more confused too :slight_smile:
After reading too many technical documents behind the net about the stuff , this for example from osronlie, and the test walktrough for Driver Signing from Microsoft , I’ve managed to sign the drivers with in test mode with test certification. What I underestood is : They need a Class 3 Certification ID to sign the codes in order to load. MS documents deadly suggest VeriSign Code Signing Certificate for most steps. Their examples , the WHQL requirements and etc suggest the VeriSign Code Signing Service.
Anyway , for sure , we have to purchase a certification for code signing , Its about 3 days that I am reading and reading and testing. I want to know the same in fact , that if Comodo’s code signing certificate can be used to sign the drivers on Vista ( 32 bit on my Case ) or not.

related links :


Its almost two months since I first asked about this, and I’m still hoping/waiting for an answer. Its more urgent now that RC1 is released, and the BCDedit option to permanently disable sign checks is no longer available.

The OSR article greenway linked to suggests that Microsoft’s list of “trusted” CAs has been expanded beyond Verisign. Can anyone from Comodo confirm if Comodo is on the list or not?

Yet , the Disable Sign Checking Enforcement option exists on RC1 , using F8 at boot menu. But it will be removed on release. I’ve checked installed Certificates at Trusted Root Certification Authorities today, the default installed one are from VeriSign , Microsoft and Thawte.
I am waiting too. The Release will be very soon on 30th January 2007 ( Even Closer at the End of November for Organizations ) , So all the one who want to support it from the first release must hurry up.

Can anyone from Comodo confirm if Comodo is on the list or not?

We cannot provide a code signing certificate to do this.

Microsoft are not allowing us to join their program to do this, at this

This is what Microsoft told us regarding 64bit Vista kernel code signing.

At the moment, we are not accepting new CAs to issue certificates for 64bit Vista kernel code signing. The current set of CAs was selected based on the CAs currently used by our hardware and software partners. We will consider extending the list of CAs once the new Enhanced Validation guidelines is ready and CAs begin to issue EV code signing certificates.

Not good news, but thanks for following up, and posting MS’s response verbatim.