Version 5 (modified by Samuli Seppänen, 2 years ago) (diff)



Different Windows versions have different kernel-mode signing options:

  • Windows 7/8/8.1/Server 2012r2
    • Cross-signing
    • WHQL-certified (HCR)
  • Windows 10 desktop
    • Attestation signing
    • WHQL-certified (HLK)
  • Windows Server 2016/2019
    • WHQL-certified (HLK)

HLK testing environment

HLK testing always requires a HLK Controller/Studio? node, plus one or more HLK clients.

According to practical testing done by wintun developers it is possible to get a code signature that is valid for all Windows 10 platforms using the following HLK clients:

  • HLK controller: Windows Server 2016
  • HLK clients
    • Windows Server 2019 (64-bit)
    • Windows Server 2019 core (64-bit)
    • Windows 10 desktop (32-bit)

Wintun was able to pass HLK testing without any physical HLK clients. But due to wintun's narrower scope it had to pass much fewer HLK tests (~50 in total) than tap-windows6.

For tap-windows6 testing a couple of extra nodes are needed:

  • OpenVPN server
  • Support machine: required by some of the HLK tests

Generic LAN testing prerequisites probably apply as well.

External links