Re: Some release signing questions

[Owen Smith <owen.smith@xxxxxxxxxx>]

Hi,

1. You need a reserved range if you ever intend to release via Windows Update, and only the reserved ID can be released via Windows Update.

2. I haven't run HLK tests on pure Xen driver builds, but have for XenServer patched builds (our patches are mainly XenServer specific modifications and those pending submission/approval). The process is relatively simple for the most part, though network and storage do require additional configuration and tests. The HLK has a downloadable playlist that limits the tests to only those required for submission.

After a submission is accepted, there is an option to download the complete signed package - this is MS signed and will install into non-testsigned OSs, and is all that is required if your distributing drivers yourself - there is an additional option to distribute via Windows Update, which needs to be restricted to your reserved device IDs.

Owen

On Mon, Jul 8, 2024 at 3:00 PM Rafał Wojdyła <omeg@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi,

I'm wondering what's the best way to have the current pvdriver packages
release-signed. I understand we'd need to submit our own signed drivers
to MS, but I have two technical questions:

1. To avoid conflicts with other certified drivers we'd need to bind to
different PCI device IDs, correct? Should we request our own range as
described here
https://xenbits.xen.org/docs/unstable/man/xen-pci-device-reservations.7.html
?

2. Is there a list of HLK tests that were run for the previous
Xen-provided release builds? I've never went through the full HCK
certification process before, but I did run some tests with HLK
(although not in a real Xen environment).

--
Rafał Wojdyła
Invisible Things Lab