After you get a WHQL certificate, you have to add SHA-256 /fd 256, /td 256 and external timestamp to the command-line.
If you don't add an external timestamp, the codesign is considered "no-good" so you must add /tr.
Example:
signtool.exe sign /v /n "YourDrivername" /fd sha256 /td sha256 /tr http://timestamp.example.com/rfc3161 DriverFile.sys
Assuming you have a smartcard and smartcard reader, you have to sign-in to the smartcard device, then sign the EXE.
If you have a laptop, you need carry a mobile smartcard reader.
Advice.
Carry the smartcard around with you... Don't leave it for someone to take it...
|