We are often asked if our Windows driver is WHQL certified, signed and fully compliant.
Our drivers are Authenticode signed and carry SHA-2 embedded certificates. For compliance purposes this is generally enough (it shows Touch-Base as the legitimate supplier and that the software has not been tampered with).
Deprecation of SHA-1 certificates was completed end 2017 and are no longer available therefore our driver no longer utilises this certificate. Any operating systems that rely solely on these security certificates, such as XP and unpatched Win 7 systems, are likely to issue a warning that the software is from an unknown source.
Regarding WHQL signing this only applies to kernel mode components. UPDD software utilises three kernel related packages:
| Type |
Name |
Description |
Signing status |
| Mouse interface |
tbupddsu |
Implements a mouse port interface |
Fully signed package |
| HID interface |
upddvh |
implements a virtual HID interface |
Fully signed package |
| USB device interface |
updd.inf |
USB hardware interface |
Partially signed package |
Mouse Interface
This package is fully WHQL signed:
This package was signed using UPDD V5.1.1445 and has not changed since that time, hence is utilised in UPDD V6. It is used to post touch data to the operating system via a mouse port interface.
HID Interface
This package is fully WHQL signed:
This package was signed using UPDD V5.1.1131 and has not changed since that time, hence is utilised in UPDD V6. It is used to post touch data to the operating system via an HID interface.
USB port interface
This package is used to install a USB client side driver for specific devices as defined in the .INF file created dynamically at the time we build the UPDD installer and includes the USB vendor and product id of the supported USB devices.
At its heart this uses a standard 'inbox' signed driver, winusb.sys, signed by Microsoft Windows:
Because we have to wrap this up in a driver package to support the specific device(s); and whilst (as shown above) this does not add any more "driver files"; it does mean that the driver package is signed by Touch-Base reflecting the Authenticode signing, not a fully signed WHQL installer package.
In our opinion given the above in most cases the driver package signing status is sufficient to satisfy most users signing requirements.
If a driver package requires a full WHQL signing we would have to execute a full signing process in conjunction with Microsoft WHQL signing procedures.
We have performed this on a number of occasions and this takes approximately 2 weeks to complete and is fully chargeable.