MicrosoftDocs
diff --git a/‎windows-driver-docs-pr/dashboard/code-signing-attestation.md‎
Lines changed: 33 additions & 35 deletions b/‎windows-driver-docs-pr/dashboard/code-signing-attestation.md‎
Lines changed: 33 additions & 35 deletions
diff --git a/‎windows-driver-docs-pr/dashboard/code-signing-cert-manage.md‎
Lines changed: 21 additions & 10 deletions b/‎windows-driver-docs-pr/dashboard/code-signing-cert-manage.md‎
Lines changed: 21 additions & 10 deletions
diff --git a/‎windows-driver-docs-pr/dashboard/code-signing-reqs.md‎
Lines changed: 20 additions & 11 deletions b/‎windows-driver-docs-pr/dashboard/code-signing-reqs.md‎
Lines changed: 20 additions & 11 deletions
@@ -1,28 +1,28 @@
 ---
 title: Attestation Sign Windows Drivers
-description: Sign a Windows driver by using attestation signing, create and sign the CAB file, submit and validate the signed file in the Partner Center, and test your driver on Windows.
+description: Sign a Windows driver by using attestation signing. Create and sign the CAB file, submit and validate the signed file in Partner Center, and test your driver.
 ms.date: 07/15/2025
 ms.topic: how-to
 ---
 
 # Attestation sign Windows drivers
 
-This article describes how to sign a driver by using attestation signing. For detailed information and requirements for attestation signing, see [Attestation signed drivers](driver-signing-offerings.md#attestation-signed-drivers-for-testing-scenarios).
+This article describes how to sign a driver by using attestation signing.
 
-> [!IMPORTANT]
-> As of March 1, 2023, attestation signed drivers that target retail audiences are no longer published on Windows Update. Support continues for attestation-signed drivers when testing scenarios with the **CoDev** or **Test Registry Key / Surface SSRK** options.
+> [!NOTE]
+> Attestation signed drivers that target retail audiences aren't published on Windows Update. Support continues for attestation-signed drivers when you're testing scenarios with the **CoDev** or **Test Registry Key / Surface SSRK** options.
 
 ## Prerequisites
 
-- Read and understand the requirements for [Attestation signed drivers](driver-signing-offerings.md#attestation-signed-drivers-for-testing-scenarios) for testing scenarios.
+- Read and understand the requirements for [attestation signed drivers](driver-signing-offerings.md#attestation-signed-drivers-for-testing-scenarios) for testing scenarios.
 
-- Register for the Hardware Developer program. If you aren't registered, follow the steps in [Register for the Microsoft Windows Hardware Developer Program](hardware-program-register.md).
+- Register for the Hardware Developer Program. If you aren't registered, follow the steps in [Register for the Microsoft Windows Hardware Developer Program](hardware-program-register.md).
 
 - You must have an extended validation (EV) code signing certificate. Check whether your organization already has a code signing certificate.
 
-   - If you have an existing certificate, make the certificate available.
-   
-   - If your organization doesn't have a certificate, [purchase an EV certificate](code-signing-reqs.md#ev-certificate-signed-drivers).
+  - If you have an existing certificate, make the certificate available.
+  
+  - If your organization doesn't have a certificate, [purchase an EV certificate](code-signing-reqs.md#ev-certificate-signed-drivers).
 
 - Download and install the Windows Assessment and Deployment Kit (Windows ADK) by following the process described in [Download and install the Windows ADK](/windows-hardware/get-started/adk-install).
 
@@ -34,13 +34,13 @@ The following procedure creates a CAB files submission by using the [Echo driver
 
 A typical CAB file submission must contain the following components:
 
-- The driver itself, for example *Echo.sys*.
+- The driver itself (for example, *Echo.sys*).
 
 - The driver INF (*.inf*) file used by the dashboard to facilitate the signing process.
 
-- The symbol file used for debugging information, such as *Echo.pdb*. The *.pdb* file is required for Microsoft's automated crash analysis tools.
+- The symbol file used for debugging information, such as *Echo.pdb*. The *.pdb* file is required for Microsoft automated crash analysis tools.
 
-- Catalog *.CAT* files are required and used for company verification only. Microsoft regenerates catalog files and replaces any catalog files submitted previously.
+- Catalog (*.cat*) files are required and used for company verification only. Microsoft regenerates catalog files and replaces any catalog files submitted previously.
 
 > [!NOTE]
 > Each driver folder in your CAB file must support the same set of architectures. For example, they must support x86, x64, or they must all support both x86 and x64.
@@ -73,7 +73,7 @@ To create the CAB file, follow these steps:
    /V[n]          Verbosity level (1..3).
    ```
 
-1. Prepare a cab file DDF input file. For the Echo driver in this example, the input might be similar to the following code:
+1. Prepare a CAB file device description framework (DDF) input file. For the Echo driver in this example, the input might be similar to the following code:
 
    ```ddf
    ;*** Echo.ddf example
@@ -120,13 +120,13 @@ To create the CAB file, follow these steps:
    Throughput:              86.77 Kb/second
    ```
 
-1. Locate the CAB file in the `Disk1` subdirectory. You can select the CAB file in File Explorer to verify it contains the expected files.
+1. Locate the CAB file in the `Disk1` subdirectory. You can select the CAB file in File Explorer to verify that it contains the expected files.
 
 ## Sign the CAB file with your EV certificate
 
-The next procedure step is to sign the CAB file with your EV certificate.
+The next step is to sign the CAB file with your EV certificate.
 
-Use the process recommended by your EV certificate provider. For example, to sign your CAB file with an SHA256 Certificate/Digest Algorithm/Timestamp, enter the following command:
+Use the process recommended by your EV certificate provider. For example, to sign your CAB file with an SHA256 timestamp, enter the following command:
 
 ```cmd
 C:\Echo> SignTool sign /s MY /n "Company Name" /fd sha256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp /td sha256 /v "C:\Echo\Disk1\Echo.cab"
@@ -135,17 +135,17 @@ C:\Echo> SignTool sign /s MY /n "Company Name" /fd sha256 /tr http://sha256times
 > [!IMPORTANT]
 > Remember to use industry best practices to manage the security of the EV code signing process.
 
-## Submit the EV signed Cab file in the Partner Center
+## Submit the EV signed CAB file in Partner Center
 
-After you sign the CAB file, you're ready to submit the file in the Partner Center:
+After you sign the CAB file, you're ready to submit the file in Partner Center:
 
-1. Go to the [Partner Center hardware dashboard](https://partner.microsoft.com/dashboard/hardware/Search) and sign in with your credentials.
+1. Go to the [Partner Center hardware dashboard](https://partner.microsoft.com/dashboard/hardware/Search), and sign in with your credentials.
 
-1. Select **Submit new hardware**:
+1. Select **Submit new hardware**.
 
    :::image type="content" source="./images/code-signing-attestation/hardware-list.png" alt-text="Screenshot of the list of hardware submissions.":::
 
-1. In the **Packages and signing properties** section, enter a product name for your driver submission. This name can be used to search for and organize your driver submissions.
+1. In the **Packages and signing properties** section, enter a product name for your driver submission. Use this name to search for and organize your driver submissions.
 
    > [!NOTE]
    > The name is visible when you share your driver with another company.
@@ -154,21 +154,21 @@ After you sign the CAB file, you're ready to submit the file in the Partner Cent
 
 1. For the **Requested Signatures** option, select the signatures to include in your driver package:
 
-   :::image type="content" source="./images/code-signing-attestation/attestation-flow.png" alt-text="Screenshot showing the options for submitting the Echo driver for signing.":::
+   :::image type="content" source="./images/code-signing-attestation/attestation-flow.png" alt-text="Screenshot that shows the options for submitting the Echo driver for signing.":::
 
 1. Select **Submit** at the bottom of the page.
 
-1. After the signing process completes, download your signed driver from the hardware dashboard.
+1. After the signing process finishes, download your signed driver from the hardware dashboard.
 
-## Validate the driver is properly signed
+## Validate that the driver is properly signed
 
-Confirm your driver was properly signed with these steps:
+Confirm that your driver is properly signed with these steps:
 
 1. After you download the submission file, extract the driver file.
 
 1. Open a Command Prompt window with Administrator privileges.
 
-1. Enter the following command to verify the driver is signed as expected:
+1. Enter the following command to verify that the driver is signed as expected:
 
    ```cmd
    C:\Echo> SignTool verify Echo.Sys
@@ -180,23 +180,23 @@ Confirm your driver was properly signed with these steps:
     C:\Echo> SignTool verify /pa /ph /v /d Echo.Sys
    ```
 
-1. To confirm the EKUs of the driver complete the following steps:
+1. To confirm the Enhanced Key Usages (EKUs) of the driver, complete the following steps:
 
    1. Open Windows Explorer and locate the binary file. Right-click the file and select **Properties**.
 
-   1. On the **Digital Signatures** tab, select the listed item in the Signature list.
+   1. On the **Digital Signatures** tab, select the listed item in the signature list.
 
    1. Select **Details**, and then select **View Certificate**.
 
    1. On the **Details** tab, select **Enhanced Key Usage**.
 
 The driver uses the following process when it resigns the driver:
 
-1. Append a Microsoft SHA2 embedded signature.
+1. Append a Microsoft SHA-2 embedded signature.
 
 1. If the driver binaries are embedded signed by the customer with their own certificates, overwrite the signatures.
 
-1. Create and sign a new catalog file with an SHA2 Microsoft certificate. The catalog replaces any existing catalog provided by the customer.
+1. Create and sign a new catalog file with an SHA-2 Microsoft certificate. The catalog replaces any existing catalog provided by the customer.
 
 ## Test your driver on Windows
 
@@ -210,17 +210,15 @@ Install the sample driver and test it on Windows:
    C:\Echo> devcon install echo.inf root\ECHO
    ```
 
-1. Confirm the driver install process doesn't show the following error message:
-
-   > _Windows can't verify the publisher of this driver software_ message._
+1. Confirm that the driver install process doesn't show the following error message: "Windows can't verify the publisher of this driver software."
 
 ## Create a submission with multiple drivers
 
 Submit multiple drivers at the same time by following these steps:
 
-1. Create a subdirectory for each driver:
+1. Create a subdirectory for each driver.
 
-   :::image type="content" source="./images/code-signing-attestation/multiple-driver-signing.png" border="false" alt-text="Diagram showing an example driver signing directory structure.":::
+   :::image type="content" source="./images/code-signing-attestation/multiple-driver-signing.png" border="false" alt-text="Diagram that shows an example driver signing directory structure.":::
 
 1. Prepare a CAB file DDF input file that references the subdirectories. For this example, the input might be similar to the following code:
 
 
@@ -9,29 +9,40 @@ ms.topic: how-to
 
 As a Partner Center administrator, you're responsible for adding, updating, and retiring driver certificates when they expire. This article describes how to get, add, and update code signing certificates to the hardware dashboard.
 
-For more information on rules for driver signing, see [Driver Signing changes in Windows 10, version 1607](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10-version-1607/364894) in the [Windows Hardware Certification blog](https://techcommunity.microsoft.com/category/winhec-online/blog/windowshardwarecertification).
+For more information on rules for driver signing, see [Driver signing changes in Windows 10, version 1607](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10-version-1607/364894) in the [Windows Hardware Certification blog](https://techcommunity.microsoft.com/category/winhec-online/blog/windowshardwarecertification).
 
 ## Prerequisites
 
-Register for the Hardware Developer program. If you're not registered, follow the steps in [How to register for the Microsoft Windows Hardware Developer Program](hardware-program-register.md).
+Register for the Hardware Developer Program. If you're not registered, follow the steps in [Register for the Microsoft Windows Hardware Developer Program](hardware-program-register.md).
 
 ## Get or renew a code signing certificate
 
 To get a new code signing certificate:
 
 1. Determine which certificate you need. To help you choose a certificate, see [Driver signing requirements](code-signing-reqs.md).
+
 1. If you're reusing a certificate, move on to step 5.
+
 1. If your organization doesn't have a certificate, you need to [purchase an EV certificate from a trusted vendor](code-signing-reqs.md#where-to-get-ev-code-signing-certificates).
-1. Once the certificate authority verifies your contact information and your certificate purchase is approved, follow their directions to retrieve the certificate.
-1. Go to [Partner Center](https://partner.microsoft.com/dashboard) and sign in using administrator credentials.
-1. Select the gear icon in the upper right, then select **Account Settings**, then **Manage Certificates** on the left side of the screen.
-1. Select **Add a new certificate**, then select **Next**.
-1. Download *Signablefile.bin* and sign it with the new digital certificate for your company using [SignTool](/windows/win32/seccrypto/signtool) with the `/fd sha256` switch and appropriate SHA-2 timestamp.
+
+1. After the certificate authority verifies your contact information and your certificate purchase is approved, follow their directions to retrieve the certificate.
+
+1. Go to [Partner Center](https://partner.microsoft.com/dashboard) and sign in by using your administrator credentials.
+
+1. Select the gear icon in the upper right, select **Account Settings**, and then select **Manage Certificates** on the left side of the screen.
+
+1. Select **Add a new certificate**, and then select **Next**.
+
+1. Download *Signablefile.bin*. Sign it with the new digital certificate for your company by using [SignTool](/windows/win32/seccrypto/signtool) with the `/fd sha256` switch and the appropriate SHA-2 timestamp.
+
 1. Upload the signed file to Partner Center.
 
 ## Retire a code signing certificate
 
-1. Go to [Partner Center](https://partner.microsoft.com/dashboard) and sign in using administrator credentials.
-1. Select the gear icon in the upper right, then select **Developer settings**, then **Manage Certificates** on the left pane.
-1. Move through the page to find the certificate you wish to remove.
+1. Go to [Partner Center](https://partner.microsoft.com/dashboard) and sign in by using your administrator credentials.
+
+1. Select the gear icon in the upper right, select **Developer settings**, and then select **Manage Certificates** on the left pane.
+
+1. Find the certificate that you want to remove.
+
 1. Under the **Action** column of the certificate, select **Remove**.
@@ -1,43 +1,52 @@
 ---
-title: Driver code signing requirements
-description: Driver code signing requirements
+title: Driver Code Signing Requirements
+description: This article describes requirements for code signing your driver.
 ms.date: 05/29/2025
 ms.topic: best-practice
 ---
 
 # Driver code signing requirements
 
-Your drivers must be signed with a certificate before you submit them to the hardware dashboard. Your organization can associate any number of certificates with its dashboard account, and each one of your submissions must be signed with any one of those certificates. There's no restriction on the number of certificates (both extended validation (EV) and Standard) associated with your organization.
+You must sign your drivers with a certificate before you submit them to the hardware dashboard. Your organization can associate any number of certificates with its dashboard account, and each one of your submissions must be signed with any one of those certificates. Whether you have extended validation (EV) or standard certificates, there's no restriction on the number of certificates associated with your organization.
 
 This article provides general information on the types of code signing available for your drivers, and the associated requirements for those drivers.
 
-For more extensive information on driver signing requirements see the following pages:
+For more extensive information on driver signing requirements, see:
+
+- [Driver signing changes in Windows 10](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10/364859)
+
+- [Driver signing changes in Windows 10, version 1607](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10-version-1607/364894)
 
-- [Driver Signing Changes in Windows 10](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10/364859)
-- [Driver Signing changes in Windows 10, version 1607](https://techcommunity.microsoft.com/blog/windowshardwarecertification/driver-signing-changes-in-windows-10-version-1607/364894)
 - [Update on Sysdev EV Certificate requirement](https://techcommunity.microsoft.com/blog/windowshardwarecertification/update-on-sysdev-ev-certificate-requirement/364879)
 
 ## Where to get EV code signing certificates
 
-EV Code signing certificates can be purchased from one of the following certificate authorities:
+You can purchase EV code signing certificates from one of the following certificate authorities:
 
 - [Certum EV code signing certificate](https://shop.certum.eu/certum-ev-code-sigining.html)
+
 - [DigiCert EV code signing certificate](https://www.digicert.com/signing/code-signing-certificates)
+
 - [GlobalSign EV code signing certificate](https://go.microsoft.com/fwlink/p/?LinkId=620888)
+
 - [IdenTrust EV code signing certificate](https://www.identrust.com/digital-certificates/trustid-ev-code-signing)
+
 - [Sectigo (formerly Comodo) EV code signing certificate](https://www.sectigo.com/ssl-certificates-tls/code-signing)
+
 - [SSL.com EV code signing certificate](https://www.ssl.com/certificates/ev-code-signing/)
 
 ## EV certificate signed drivers
 
-Your Hardware Dev Center dashboard account must have at least one EV certificate associated with it to submit binaries for attestation signing or to submit binaries for HLK certification.
+To submit binaries for attestation signing, your Hardware Dev Center dashboard account must have at least one EV certificate associated with it. This requirement is also true if you want to submit binaries for Windows Hardware Compatibility Program (WHCP) certification.
 
 The following rules apply:
 
 - Your registered EV certificate must be valid at the time of submission.
-- While Microsoft strongly recommends that you sign individual submissions with an EV certificate, you can alternatively sign submissions with an Authenticode signing certificate that is also registered to your Partner Center account.
-- All certificates must be SHA2 and signed with the `/fd sha256` SignTool command line switch.
+
+- Although Microsoft strongly recommends that you sign individual submissions with an EV certificate, you can sign submissions with an Authenticode signing certificate. The Authenticode certificate must be registered to your Partner Center account.
+
+- All certificates must be SHA-2, and signed with the `/fd sha256` SignTool command line switch.
 
 If you already have an approved EV certificate from a certificate authority, you can use it to establish a Partner Center account. If you don't have an EV certificate, choose [one the certificate authorities](#where-to-get-ev-code-signing-certificates) and follow their directions for purchase.
 
-Once the certificate authority verifies your contact information and your certificate purchase is approved, follow their directions to retrieve the certificate.
+After the certificate authority verifies your contact information and your certificate purchase is approved, follow their directions to retrieve the certificate.