Since Sysinternals were bought by Microsoft many years ago and the tools are distributed directly via Microsoft, such tools are unlikely to have an issue being signed.

A brief history of the process for those not following it.

Originally for kernel-mode drivers, you needed a code signing certificate cross-signed by Microsoft's root. This means that the certificate follows a chain up to a standard CA _and also_ one Microsoft use to approve that CA to issue kernel-mode certificates. It was not sufficient to have a certificate capable of signing code, even with MS' OIDs for that.

Then, around Windows 10 I think, Microsoft announced that one would need to acquire an EV certificate. You would then be required to submit the driver package via and after spending time in Ballmer's Brewery, it would come out signed by Microsoft. It was technically possible to use the old mechanism at this stage too, provided the end user did not have UEFI Secure Boot enabled. If Secure Boot were enabled, the kernel would: a) if the driver was signed pre-Win10, accept it; b) if it was signed post-Win10 RTM date and by Microsoft, accept it, otherwise reject it.

Finally, the cross-signed roots expire soon and I think some already have. Thus the only mechanism to realistically get your driver working on all Windows out of the box is to submit via sysdev. You can't realistically ask users to disable Secure Boot, even if this is entirely possible on all x86 motherboards.