OSVR / OSVR-HDK-Windows-Drivers

Drivers and related code/data for improving the hardware experience for the HDK on Windows

Instructions for getting certificates? #6

Closed mithro closed 8 years ago

mithro commented 8 years ago

This looks like exactly what I need for Windows users of my open hardware products (being CDC and UVC devices, they don't need anything under other operating systems). However, I don't really understand much about how you go about getting the signing certificates needed. Any chance you could provide a link to some documentation? I assume there is some horrible procedure with Microsoft?

Thanks for this awesome work!

rpavlik commented 8 years ago

Glad you've found it useful! I'd be excited to hear/see what you're working on!

CDC devices no longer need an inf in Windows 10, and I'm pretty sure UVC devices, as long as they report the right class IDs, shouldn't need an inf even in earlier versions of Windows (there's a class usbvideo.inf generic file) unless you're doing fancy stuff like this https://msdn.microsoft.com/en-us/library/windows/hardware/ff568123

If you look for "signing inf files" you should be able to find what you need - I think starting around here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff544865(v=vs.85).aspx

(If you find the exact or best/good page, please re-open this, or pull request and I'll stick it in the docs since that's a very good question - when I was working on this actively I had windows and windows, each with probably 15 tabs open, all to MSDN on driver-related things, so I wasn't in a good position to be able to think of "this is the one link about signing requirements")

Win10 increases the requirements for kernel-mode drivers, but these are just inf files using Microsoft-written kernel mode drivers, so you don't need an EV cert (at least, I haven't). We used DigiCert for the CA. If you poke around that web site, there is a link that if you take it from Microsoft's site instead of starting right at DigiCert, you can get a pretty good discount on the certs, but it still is a few hundred bucks.

The other alternative, depending on your security view of things, is using something like libwdi (which generates locally a one-time-use signing cert on the end-user machine to sign a driver, trust it, and install it, then destroys the private key). I made a few changes in a fork of libwdi to be able to do that to install CDC drivers on devices that had the wrong VID/PID without signing them with our "good" cert - see https://github.com/sensics/ForceInstallCDC (my little quickie app, Apache 2.0) and https://github.com/sensics/libwdi (the libwdi fork it uses, which is LGPL 3 IIRC). Wasn't my preferred way to go, since I can manually install the driver for the right VID/PID on the wrong one after clicking past a warning or two, but couldn't find a way to automate that path (and would ideally like to have the counterpart program to remove the driver and trusted cert once the firmware update to fix the VID/PID has been flashed), but it's certainly a method, and seems to be widely used for the libusb drivers that libwdi is primarily designed for. (Like I said, I had to fork it to be able to install a lowly CDC inf).

On the topic of VID/PID - don't poach somebody else's - if you're truly OSHW, OpenMoko (a rather-defunct open smartphone project) has a process you can go through to get one of theirs assigned to you. (which I just heard about a few days ago)

Hopefully this helps! Please keep in touch - I'd love to hear what other open source hardware OSVR is helping to support/enable! My email is at my website ryanpavlik.com or you can email the OSVR email list, or just right to me: ryan at sensics followed by dot and com of course.
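
A read-only audit for the trade-off described in the comment above, as an added example that is not part of the thread, of libwdi, or of the OSVR drivers: it lists self-signed certificates in the machine's Trusted Publishers store and flags those that are also trusted as roots. That an installer of this kind leaves its certificate in these two stores is an assumption, and the function name `Get-SelfSignedTrustedCert` is hypothetical.

```powershell
# Added example: find self-signed certificates trusted for driver publishing.
# Read-only; run from an elevated prompt so both machine stores are readable.

function Get-SelfSignedTrustedCert {
    param(
        # Machine stores consulted when Windows decides whether to trust a
        # driver package's publisher (assumed location of an installer's cert).
        [string[]]$StoreName = @('TrustedPublisher', 'Root')
    )
    foreach ($name in $StoreName) {
        Get-ChildItem -Path "Cert:\LocalMachine\$name" |
            Where-Object { $_.Subject -eq $_.Issuer } |   # self-signed
            ForEach-Object {
                [pscustomobject]@{
                    Store         = $name
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotBefore     = $_.NotBefore
                    NotAfter      = $_.NotAfter
                    # True means the signing key is still on this machine,
                    # i.e. it was not destroyed after the one-time signing.
                    HasPrivateKey = $_.HasPrivateKey
                }
            }
    }
}

$found = Get-SelfSignedTrustedCert

# Every root CA is self-signed, so Root entries alone are not a finding.
# A self-signed certificate that sits in TrustedPublisher and in Root is
# trusted both as a publisher and as its own trust anchor.
$rootPrints = @(($found | Where-Object Store -eq 'Root').Thumbprint)

$found |
    Where-Object Store -eq 'TrustedPublisher' |
    Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey,
        @{ Name = 'AlsoInRoot'
           Expression = { $rootPrints -contains $_.Thumbprint } } |
    Sort-Object NotBefore -Descending |
    Format-Table -AutoSize
```

Entries with `AlsoInRoot` set are the ones to review and, once the device no longer needs the locally signed driver, to remove along with that driver.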

mithro commented 8 years ago

@rpavlik Thank you for the super detailed reply!

The libwdi method actually sounds like it would be useful for us. We use libusb for doing firmware upgrades and our board has an FX2 IC for doing the USB interface which means it can be configured to appear as pretty much anything. The libwdi approach seems to give us a lot of options without having to fork over any cash :)

I have started customizing your drivers stuff at https://github.com/mithro/HDMI2USB-and-Numato-Opsis-Windows-Drivers


My project is the HDMI2USB -- we are developing open source hardware (and FPGA firmware) for the capture of user groups and conferences. Our current system allows you to capture an HDMI signal by appearing as a USB webcam (uvcvideo) and USB serial port (cdc-acm). The serial port allows you to control the multiple HDMI inputs and outputs and set things like resolution.

Normally we run everything under Linux (which is super easy). However, we recently launched our first piece of open hardware (the Numato Opsis) and I'm looking at ways to expand the audience who can use the board. As Windows users still make up a huge percentage of the planet, I've been trying to figure out how to make using the board painless for them.

BTW, we have been allocated USB IDs for our prototype platform from OpenMoko; for the production board our manufacturing partner is providing them.