Version 5 (modified by 5 years ago) (diff) | ,
---|
Introduction
Different Windows versions have different kernel-mode signing options:
- Windows 7/8/8.1/Server 2012r2
- Cross-signing
- WHQL-certified (HCR)
- Windows 10 desktop
- Attestation signing
- WHQL-certified (HLK)
- Windows Server 2016/2019
- WHQL-certified (HLK)
HLK testing environment
HLK testing always requires a HLK Controller/Studio? node, plus one or more HLK clients.
According to practical testing done by wintun developers it is possible to get a code signature that is valid for all Windows 10 platforms using the following HLK clients:
- HLK controller: Windows Server 2016
- HLK clients
- Windows Server 2019 (64-bit)
- Windows Server 2019 core (64-bit)
- Windows 10 desktop (32-bit)
Wintun was able to pass HLK testing without any physical HLK clients. But due to wintun's narrower scope it had to pass much fewer HLK tests (~50 in total) than tap-windows6.
For tap-windows6 testing a couple of extra nodes are needed:
- OpenVPN server
- Support machine: required by some of the HLK tests
Generic LAN testing prerequisites probably apply as well.
External links
- puppet-hlk: Puppet module for setting up HLK controllers and HLK clients
- Windows Virtual Hardware Lab Kit
- https://aka.ms/HLKPlaylist Compatibility Play Lists (Understanding is these are the only ones necessary to get signed)