Can I sign Hardware Lab Kit Package (HLKX) with a Self Signed Cert

Question

To test my HSM, I created a self signed cert with its keys stored in the HSM. When I execute signtool, it find the cert and signs the binary.

When I attempt to sign an Hardware Lab Kit package (HLKX file) with the cert using the store it finds no certs. When I try using the cert file it fails to find a cert as well.

Looking at the documentation on HLK, I can't really determine what criteria it uses for cert selection and think it probably needs something from a trusted publisher or root.

I gather Microsoft will never accept my self signed cert, and I'm just trying to validate HSM HLK interoperability.

Does anyone know how to use HLK with a self signed cert?

score 0 · Accepted Answer · answered Nov 13 '18 at 14:49

Microsoft support "thinks" that one cannot sign an HLK package using a self signed cert. I generated a non hsm self signed cert and while I could successfully sign binaries via sign tool I cannot sign HLK packages via HLK studio.

Microsoft's "think" is a certainty. Self signed certs do not appear to work with HLK Studio

Can I sign Hardware Lab Kit Package (HLKX) with a Self Signed Cert

1 Answers1