During much of the development process, signing driver packages is unnecessary. Instead, developers can use one of several mechanisms to suppress digital signature enforcement on test systems. However, when the project approaches the end of a milestone, the package must be signed in one of the following ways:
- Windows Logo Program. The publisher submits the driver package for the Windows Logo Program. Drivers that qualify for the logo receive a WHQL-signed .cat file. Note that publishers should have tested the package that before submitting it to the Windows Logo Program. In order to verify that the driver loads and operates correctly, publishers can sign the driver or driver catalog with the PIC. Note that boot driver binaries must include an embedded signature using a PIC before submission to the Logo or DRS programs.
- PIC-based signing. For drivers that do not qualify for the logo, the publisher can create a .cat file and sign it with the publisher’s PIC.
This seems to state pretty clearly that driver's can be signed via the WHQL program -- you don't have to have a Publisher Identity Certificate (PIC), whereas the Slashdot article stated "Vista driver developers must obtain a Publisher Identity Certificate (PIC) from Microsoft."
This caused me to reflect on the number of similarly inaccurate or just plain wrong stories that have been on Slashdot and sites like it (too many to list). I don't think they can claim to be better than the "real-world" journalists, but their effort is still impressive considering they don't pay for stories.
Update: I think I read the whole thing wrong and you do need a PIC. Oh well, Slashdot articles are still quite often inaccurate.
No comments:
Post a Comment