This: http://msdn.microsoft.com/en-us/library/bb530195.aspx has a long, unwieldy explanation.
Here is a much simpler, step-by-step protocol:
1) Run the following from an elevated CMD window (RunAs Administrator):
bcdedit /set testsigning on
bcdedit /set nointegritychecks on
3) Make a certificate. From a DDK command line window, type:
makecert -r -pe -ss MyTestCertStore -n "CN=MyTestCert" mytestcert.cer
4) From an elevated CMD window
certmgr -add mytestcert.cer -s -r localmachine root
certmgr -add mytestcert.cer -s -r localmachine trustedpublisher
5) From certmgr window that just opened in step one or two (or type certmgr):
a) Right click on Trusted Root Certification Authorities -> All Tasks -> Import
b) Navigate to the cert file you have just created in step (3) (mytestcert.cer).
c) Say "yes"
6) To sign the driver:
signtool sign /n MyTestCert /s "MyTestCert" yourdrivername.sys
Why can't our documentation people produce something similar???