** Windows 10 now requires an EV code signing certificate for kernel mode driver signing. You can buy an EV code signing certificate from us here : https://store.ksoftware.net/ev_code_signing_order.html


OV Comodo Code Signing Certificates can be used for Kernel-Mode Code Signing! (For Windows Vista through Windows 8.1).
  1. Download the Comodo cross-signed CA that matches your Code Signing certificate's Root CA.
  2. Open an elevated Windows command prompt (cmd) and run signtool.exe:

    signtool.exe sign /v /p <your PFX password> /ac "CROSS_SIGNED_COMODO_CA_HERE" /f YOUR_PFX_HERE /tr http://timestamp.comodoca.com/rfc3161 "FULL_PATH_TO_FILE_TO_SIGN"

    Example: signtool.exe sign /v /p <your PFX password> /ac "AddTrustExternalCARoot_kmod.crt" /f my.pfx /tr http://timestamp.comodoca.com/rfc3161 "C:\myfile.dll"

    Note:
 For most customers CROSS_SIGNED_COMODO_CA_HERE will be:

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/962/0/kmcs-addtrust-external-ca-root

OR

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/941/0/root-addtrustexternalcaroot

OR (for newer RSA/SHA256 Certificates AND EV Certificates)

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/963/93/kmcs-comodo-rsa-certification-authority

For more general information and instruction about kernel mode signing certificates, see Microsoft's Kernel-Mode Code Signing Walkthrough. (MSDN.microsoft.com)


By FAR the best resource we've found is David Grayson's tutorial here : http://www.davidegrayson.com/signing/