Logo HardwareVisualizer

Installer verification

Use these checks before running an installer. Windows release installers are Authenticode signed starting with v1.9.0, and SHA-256 checksums plus GitHub Artifact Attestations remain recommended verification steps for manual downloads.

Check the source

Official downloads are available only from hardviz.com, GitHub Releases, and Winget where available.

Check that the file has not been changed

For a stricter check, copy the SHA-256 value from the download page, then run the matching checksum command from the latest release verification commands. The command output should match the copied value exactly. For details, see Installer verification in the GitHub documentation.

Verify GitHub Artifact Attestations

For releases that publish attestations, use GitHub CLI to verify that the asset was produced by the official repository. The latest release commands are listed below.

gh attestation verify ./HardwareVisualizer_* -R shm11C3/HardwareVisualizer

Review signing status

Windows .exe and .msi release installers are Authenticode signed starting with v1.9.0. Earlier Windows releases may be unsigned. macOS builds are signed and notarized. Linux packages are not currently signed with a Linux package-signing mechanism, so verify them with checksums and attestations. Release assets ending in .sig are Tauri updater signatures for the in-app update path; they do not replace platform signing, SHA-256 checksums, or GitHub Artifact Attestations for manual downloads.

Resources

Latest release verification commands (Advanced)

Copy the SHA-256 value from the download page, then run the command for the file you downloaded.

Windows - Windows 10/11 (x64)

Artifact
HardwareVisualizer_1.9.1_x64_en-US.msi
Verification command
Get-FileHash .\HardwareVisualizer_1.9.1_x64_en-US.msi -Algorithm SHA256
GitHub attestation
gh attestation verify ./HardwareVisualizer_1.9.1_x64_en-US.msi -R shm11C3/HardwareVisualizer
Signing status
Authenticode signed for v1.9.0+ installers
Signature file
HardwareVisualizer_1.9.1_x64_en-US.msi.sig

Tauri updater signature for the in-app update path; not a platform signing substitute.

macOS - Apple Silicon (ARM64)

Artifact
HardwareVisualizer_1.9.1_aarch64.dmg
Verification command
shasum -a 256 HardwareVisualizer_1.9.1_aarch64.dmg
GitHub attestation
gh attestation verify ./HardwareVisualizer_1.9.1_aarch64.dmg -R shm11C3/HardwareVisualizer
Signing status
Signed and notarized

macOS - Intel (x64)

Artifact
HardwareVisualizer_1.9.1_x64.dmg
Verification command
shasum -a 256 HardwareVisualizer_1.9.1_x64.dmg
GitHub attestation
gh attestation verify ./HardwareVisualizer_1.9.1_x64.dmg -R shm11C3/HardwareVisualizer
Signing status
Signed and notarized

Linux - RPM-based Distros (.rpm)

Artifact
HardwareVisualizer-1.9.1-1.x86_64.rpm
Verification command
sha256sum HardwareVisualizer-1.9.1-1.x86_64.rpm
GitHub attestation
gh attestation verify ./HardwareVisualizer-1.9.1-1.x86_64.rpm -R shm11C3/HardwareVisualizer
Signing status
Unsigned package; verify with SHA-256 and attestations
Signature file
HardwareVisualizer-1.9.1-1.x86_64.rpm.sig

Tauri updater signature for the in-app update path; not a platform signing substitute.

Linux - AppImage (.AppImage)

Artifact
HardwareVisualizer_1.9.1_amd64.AppImage
Verification command
sha256sum HardwareVisualizer_1.9.1_amd64.AppImage
GitHub attestation
gh attestation verify ./HardwareVisualizer_1.9.1_amd64.AppImage -R shm11C3/HardwareVisualizer
Signing status
Unsigned package; verify with SHA-256 and attestations
Signature file
HardwareVisualizer_1.9.1_amd64.AppImage.sig

Tauri updater signature for the in-app update path; not a platform signing substitute.

Linux - Debian/Ubuntu (.deb)

Artifact
HardwareVisualizer_1.9.1_amd64.deb
Verification command
sha256sum HardwareVisualizer_1.9.1_amd64.deb
GitHub attestation
gh attestation verify ./HardwareVisualizer_1.9.1_amd64.deb -R shm11C3/HardwareVisualizer
Signing status
Unsigned package; verify with SHA-256 and attestations
Signature file
HardwareVisualizer_1.9.1_amd64.deb.sig

Tauri updater signature for the in-app update path; not a platform signing substitute.