Time needed: 30 minutes
This how-to will show you how to register with the Windows Hardware Developer Program. Registration with the Hardware Developer Program is required to sign both kernel-mode and user-mode drivers in Windows 10. To get started, you will need an EV code signing certificate and access to a global administrator account for your company’s Azure Active Directory.
- Navigate to Hardware Developer Program registration page.
Navigate to the Hardware Developer Program registration page. Review the requirements, then click the Next button.
- Sign into Azure AD.
Next, you must sign into your company’s Azure Active Directory with a global administrator account. Click the Sign into Azure AD button and login to the account.
- Enter your account details.
Enter your account country, company display name, and personal contact info, then click the Next button.
- Make sure you have an EV code signing certificate.
You will need an EV code signing certificate from an authorized CA (such as SSL.com) to register. Make sure you have your certificate ready before going on to the nest step. When you are ready, click the Next button.
- Download the signable file.
Click the link to download the signable file now.
- Make sure signtool.exe is installed.
signtool.exe is part of the Windows SDK. Download and install the SDK if you haven’t already.
- Sign the file.
Sign the file you downloaded in the previous step with your EV code signing certificate. For instructions on signing code with signtool.exe, please refer to SSL.com’s how-to, Using Your Code Signing Certificate.
- Upload signed file.
Drag your signed file to the labeled area on the page, or use the browse your files link to navigate to it.
- Success!
If everything has gone correctly, you should see a page showing information from the EV code signing certificate you used to sign the file provided by Microsoft. Review the information for correctness before completing your registration.
- Troubleshooting
If there is a problem with your signed file, you may be shown a message that “Your certificate’s CA root cert is not in the approved list of root certs.” If this happens, you should make sure that your code signing certificate is from a Microsoft-approved provider of EV code signing certificates. If you have multiple code signing certificates installed on your computer, you should make sure to specify an EV one to use for signing. Note that if your certificate is installed on a secure hardware token and you are not prompted to enter your PIN, it is a good sign that an incorrect certificate has been used for signing.
- Next steps.
Now that your organization is signed up with the Hardware Developer Program, you can start assigning roles to staff members and submitting drivers. Please see Microsoft’s documentation on Managing User Roles, Hardware Submissions, and Attestation signing a kernel driver for public release for more information. SSL.com’s Kernel-Mode Code Signing FAQ also includes answers to common questions about signing kernel-mode drivers.