We are a small company selling bespoke scientific instruments. A few years ago, we contracted a local firm to design an electronics board for specialist fast timing. It uses the CY7C68013A microcontroller for management purposes and for communication with a PC over USB. It turned out that our sub-contractor did not write a device driver, but merely supplied the Cypress CyUSB.sys driver and a simple user mode wrapper around the required parts of the CyUSB.lib library. Indeed it turns out that the sub-contractor does not have the skills to write a driver, their speciality is electronics.
All the other higher level driver software has been written in-house, is user-mode and 32bit. We have not bothered to sign any of the code, as in our world it simply doesn't add any value. We sell only 5-10 units a year, mostly as part of instrument sales and mostly with a PC supplied by us. We have a personal relationship with our small number of clients and they have to trust us on a range of issues; possible errors with the drivers is the least of their worries. In any case, we haven't actually touched the driver code as such, CyUSB.sys, we have merely changed the .inf file to match the vendor and product IDs in the code that runs the board. We do have our own official USB vendor code, purchased a long time ago.
All this has been working absolutely fine with Windows XP based PCs; the message warning about the unsigned driver is usally only seen by us and one can elect to ignore it. Anyway, I am not embarrassed for the client to see such a warning message; they understand the specialist nature of what we do. Now, however, we are being forced towards Windows 7. We have run the hardware with Windows 7 32 bit, where one can still override the complaint about the lack of driver signing. We have also managed to make it run under Windows 7 64bit, having followed the procedure for disabling driver signing. I will be forced to use Windows 7 64bit in future; it now seems to be the default on all new PCs. I have not yet found a method for running our hardware that does not involve disabling all signing protection and requiring our users to run permanently in a test mode.
So, ideally there would be a way to make a given Windows 7 64bit installation run our hardware without disabling all protections. If anyone knows how to do this they would make me very happy by telling me, but I am coming to the conclusion that Microsoft have succeeded in making this impossible. Otherwise we have to get the driver signed. But there is a great deal of confusing information on this topic. I really need a walkthrough that is completly specific to Windows 7 64bit. I think I might have discovered that the driver has to go through the WHQL process, requiring a client server setup and test results submitted to Microsoft. Is this necessary even though the CyUSB comes from Cypress? I think that not all signing certificates will be suitable. I only need to do this once. There is not going to be any upgrades to this part of the software. It should last us until we have to design a completely new board - some more years - our world does not move at the pace of consumer electronics.
I would be very happy to use a sub-contractor, if I could find somone suitable at a sensible cost (bearing in mind the very small numbers). I am not sure whether the signing process requires one of our actual boards, as well as the driver; we only have a few available at a time. The hardware does not fall into any standard class, so there is very little that general testing software could do with it.
The whole thing is very frustrating, especially since we haven't actually touched any driver code. I would be very grateful for advice from someone who has been through this process. Sorry there is so much detail, but I wanted the context to be clear so the suggestions are appropriate.