March 6, 2006 - As you may know, it appears possible to Authenticode-sign
drivers on Windows Server 2003. After some failed attempts to sign a NDIS IM
driver here at PCAUSA, I have received confirmation that it is actually not
possible to Authenticode-sign NDIS IM drivers for Windows Server 2003.

The DDK is fairly confusing about using Authenticode to sign drivers on
Windows Server 2003 - but leads one to think that it is actually possible.
In the "Summary of Driver Signing Requirements and Related Installation
Actions" DDK topic is says this for Windows Server 2003:

"WHQL-class drivers can be installed in quiet-install mode. A WHQL signature
or Authenticode signature is required. (See Note 5.)"


This is certainly not true for NDIS miniport or NDIS IM drivers.


It really should say this for Windows Server 2003 (My words):

"If there is a WHQL test for the driver then it cannot be Authenticode
signed.".

Or put more succinctly:

"If you don't need a signature for your driver, then you can
Authenticode-sign it".


So, don't waste your time trying to Authenticode-sign a NDIS Intermediate
driver. It's a dead-end.

Regards,

Thomas F. Divine