HomeWinBuzzer NewsMicrosoft to Enforce Driver Signing Restrictions in Windows 10 Version 1607 (Anniversary...

Microsoft to Enforce Driver Signing Restrictions in Windows 10 Version 1607 (Anniversary Update)

Failure to digitally sign drivers correctly or the lack of a valid EV Code Signing Certificate will now result in their removal by Program Compatibility Assistant. The changes will apply to all fresh installs of Windows 10 version 1607.

-

In April of last year, Microsoft announced that future kernel mode would need to be digitally signed by the Windows Hardware Developer Center Dashboard portal. In addition, subsequent submissions have needed a valid EV signing certificate.

Since then, has been very lax on the issue. The rules were policy only and were not enforced by Windows Code Integrity. Starting with new version 1607 installs, this will no longer be the case.

The conditions will now enforce on an OS level, and the platform will refuse to load any kernel mode drivers that don't meet requirements. This does not apply to users who are upgrading from an earlier Windows version to 1607.

“We're making these changes to help make Windows more secure,” says content developer Joshua Baxter,“these changes limit the risk of an end-user system being compromised by malicious driver software.”

Exceptions

As mentioned earlier, the restrictions only apply to fresh installs. The user also needs to enable Secure Boot, or the checks will not run.

Microsoft lists all other exceptions in the FAQ:

  • “PCs upgrading from a release of Windows prior to Windows 10 Version 1607 will still permit installation of cross-signed drivers.
  • PCs with Secure Boot OFF will still permit installation of cross-signed drivers.
  • Drivers signed with cross-signing certificate issued prior to July 29th 2015, when the initial policy went into place, will continue to be allowed.
  • To prevent systems from failing to boot properly, boot drivers will not be blocked, but they will be removed by the Program Compatibility Assistant.”

The company encourages developers to submit new drivers to the Windows Hardware Developer Portal. They also need to begin the EV certificate process by following this documentation.

SourceMicrosoft
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News