Kernel Signing in Windows 10 RRS feed

  • Question

  • I ran across your document "Practical Windows Code and Driver Signing".  I have not completed the entire document, yet, but what I have read is a fantastic summary of things I, too, have struggled through via experimentation and research.  I applaud your work and I learned a lot in a short time that I had yet to encounter.

    Your document claims that you can continue to cross-sign kernel-mode drivers for Windows 10 so long as you use a "valid cross certificate that pre-dates Windows 10" and you go on to express great relief that the cross-certificate you certificate is generated from predates Windows 10 and will last for many years.  I have a different experience.  I believe you are mistaken, but I only know through my own experimentation.  I would love to hear your opinion or research results.

    What is instead important is the certificate you are using to sign with.  If your certificate pre-dates Windows 10 release, you may continue to sign.  Once your certificate expires, you will have to go through the portal.  If you were to purchase a new signing certificate today from GlobalSign, you would have to go through the portal.

    We had a certificate from June 2015 that just expired.  When we went to renew, I found out this painful truth.  I suspect many do not yet know what I know.  I hope I am wrong and you can show me the error of my ways, but I believe that between now and August as certificates expire that pre-dated Windows 10, others will find out what we now know.

    I would appreciate it if you could enlighten me so that I could continue to use simple cross-signing to install my kernel-mode drivers.

    Friday, July 1, 2016 5:29 PM