-
Notifications
You must be signed in to change notification settings - Fork 119
docs: enhance cargo-wdk README with signing and verification details #608
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -88,12 +88,23 @@ Building a sample driver requires the `--sample` flag. If it is not specified, t | |||||||||||||||||
|
|
||||||||||||||||||
| If you have a workspace with a mix of sample and non-sample driver projects, the build will fail as that scenario is not supported yet. In the future `build` will be able to automatically detect sample projects. That will remove the need for the `--sample` flag and enable support for this scenario. | ||||||||||||||||||
|
|
||||||||||||||||||
| #### Signing and Verification | ||||||||||||||||||
| #### Signing | ||||||||||||||||||
|
|
||||||||||||||||||
| To sign driver artifacts `build` looks for a certificate called `WDRLocalTestCert` in a store called `WDRTestCertStore`. Make sure you place your signing certificate there with that name. If no certificate is found, `build` will automatically generate a new self-signed one and add it for you. | ||||||||||||||||||
| By default, `build` signs the driver binary and catalog using a certificate with `CN = WDRLocalTestCert` in the `WDRTestCertStore`. To check whether a certificate already exists, run `certmgr.msc` from the Windows Run dialog and look under `WDRTestCertStore > Certificates`. The signing certificate is also included as `WDRLocalTestCert.cer` in `target\<profile>\<project-name>-package`. | ||||||||||||||||||
|
|
||||||||||||||||||
| If no certificate is found, `build` automatically creates a self-signed certificate, uses it for signing, and adds it to `WDRTestCertStore` for reuse in subsequent builds. | ||||||||||||||||||
|
|
||||||||||||||||||
| #### Verification | ||||||||||||||||||
|
|
||||||||||||||||||
| If the `--verify-signature` flag is provided, the signatures are verified after signing. For verification to work, make sure you add a copy of the signing certificate in the `Trusted Root Certification Authorities` store. For security reasons `build` does not automatically do this even when it automatically generates the cert. You will have to always perform this step manually. | ||||||||||||||||||
|
|
||||||||||||||||||
| #### Installing self signed certificate (non-prod case) | ||||||||||||||||||
|
|
||||||||||||||||||
| The driver package that gets generated at `target\<profile>\<project-name>-package` post build also includes the self signed certificate `WDRLocalTestCert.cer`. Since the driver and catalog files are signed with self signed certificate instead of production certificate (CA issued). We need to manually add a copy of this certificate in the `Trusted Root Certification Authorities` store on the target machine where you want to install the driver. | ||||||||||||||||||
|
||||||||||||||||||
| The driver package that gets generated at `target\<profile>\<project-name>-package` post build also includes the self signed certificate `WDRLocalTestCert.cer`. Since the driver and catalog files are signed with self signed certificate instead of production certificate (CA issued). We need to manually add a copy of this certificate in the `Trusted Root Certification Authorities` store on the target machine where you want to install the driver. | |
| The driver package that gets generated at `target\<profile>\<project-name>-package` post build also includes the self-signed certificate `WDRLocalTestCert.cer`. Since the driver and catalog files are signed with a self-signed certificate instead of a production certificate (CA issued), we need to manually add a copy of this certificate in the `Trusted Root Certification Authorities` store on the target machine where you want to install the driver. |
Copilot
AI
Feb 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's an inconsistency in hyphenation: "self signed" should be "self-signed" to match the usage in the rest of the document (see line 95 where "self-signed certificate" is correctly hyphenated). The term should be consistently hyphenated throughout.
| #### Installing self signed certificate (non-prod case) | |
| The driver package that gets generated at `target\<profile>\<project-name>-package` post build also includes the self signed certificate `WDRLocalTestCert.cer`. Since the driver and catalog files are signed with self signed certificate instead of production certificate (CA issued). We need to manually add a copy of this certificate in the `Trusted Root Certification Authorities` store on the target machine where you want to install the driver. | |
| #### Installing self-signed certificate (non-prod case) | |
| The driver package that gets generated at `target\<profile>\<project-name>-package` post build also includes the self-signed certificate `WDRLocalTestCert.cer`. Since the driver and catalog files are signed with self-signed certificate instead of production certificate (CA issued). We need to manually add a copy of this certificate in the `Trusted Root Certification Authorities` store on the target machine where you want to install the driver. |
Copilot
AI
Feb 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The non-standard character '‑' (non-breaking hyphen, Unicode U+2011) is used in "double‑click" instead of a standard hyphen '-'. This should be replaced with a standard ASCII hyphen for consistency and to avoid potential rendering issues in different contexts.
| To install the certificate on Windows, double‑click the certificate file and choose "Install Certificate". In the wizard, select the store location (Local Machine is recommended), choose "Place all certificates in the following store", browse to "Trusted Root Certification Authorities", then complete the wizard. | |
| To install the certificate on Windows, double-click the certificate file and choose "Install Certificate". In the wizard, select the store location (Local Machine is recommended), choose "Place all certificates in the following store", browse to "Trusted Root Certification Authorities", then complete the wizard. |
Copilot
AI
Feb 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's an extra blank line here. The document should maintain consistent spacing. In other parts of the README, there's only one blank line between sections.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better to explicitly state what kind of verification it is since it is no longer part of a heading that has the word "Signing" in it.