Detecting improperly signed drivers at install time

  • Question

  • This is probably not the right place to post this, but I thought I'd throw it out here for a start:

    An older preview release of Windows 10 (version 14295) would, at install time and under the correct set of circumstances (clean install of the OS, Secure Boot enabled, etc.), complain about the installation of any driver that was not Microsoft signed.  Our developers have found this very useful as a sanity check to ensure that everything is signed correctly before it is shipped out.  Rather than having to load every driver to invoke a failure (which would require appropriate hardware be present), signature problems with many multiple drivers could be detected in one fell swoop at install time on any given (Secure Boot capable) system.

    Sadly, this functionality was removed in the released Anniversary Update.  Some of our developers have continued to run a sanity check using the old 14295, but the time bombs in that preview release make that increasingly untenable.  Is there some way to enable an install-time driver check in later, released versions of Windows 10?

    Friday, July 6, 2018 3:13 PM

All replies

  • Remove all certificates from the system that are not in the trust chain to Microsoft

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, July 6, 2018 5:40 PM
    Moderator
  • Clever idea!  I'll give that a go here and see how it pans out.  Thanks.
    Friday, July 6, 2018 5:50 PM