Driver signing

TwinCAT C++ modules must be signed with a certificate so that they can be executed.

The signature ensures that only C++ software whose origin can be traced is executed on productive systems.

For test purposes, certificates that cannot be verified can be used for signing. However, this is only possible if the operating system is in test mode so that these certificates are not used on productive systems.

Engineering requires no signing

Only the execution requires certificates - the engineering does not.

There are two ways to load modules, different certificates are used for signing:

  • Operating system: The C++ modules are loaded as normal kernel drivers and must therefore also have a signature.
    • With TwinCAT 3.1. 4022 or earlier, only this procedure is available.
    • Windows 7 (Embedded) x86 (32bit) does not require signing.
  • TwinCAT: The C++ modules are loaded by the TwinCAT runtime system and must be signed with a TwinCAT user certificate.

Since a published module should be executable on various PCs, signing is always necessary for publishing.

Organizational separation of development and production software

Beckhoff recommends working organizationally with (at least) two certificates.

  1. A certificate which is not countersigned, thus the test mode is needed for the development process. This certificate can also be issued individually by each developer.
  2. Only the software that has passed the corresponding final tests is signed by a countersigned certificate. This software can thus also be installed on machines and delivered.

Such a separation of development and operation ensures that only tested software runs on productive systems.