Driver code signing: Drivers signed for Windows 10 Server will require HLK compatibility tests.

  • Question

  • Just when you thought that things couldn't get any better, in a recent interview Microsoft's James Murray informed developers that, "The new “attestation” driver signing workflow is not supported on Server. Drivers signed with that pipeline will not work on Server systems. The only Microsoft signing pipeline that supports Server is the HLK Compatibility route." This gives rise to a number of interesting questions; however, one that others may not ask is this: How does Microsoft propose to fit drivers used in computer forensics and incident response into this paradigm? Note that the problem is more than just being able to run non-PnP software drivers. Today malware is just as likely to be running on some on-board embedded device as on the main computer processor. How does MS propose to investigate firmware-based malware? Is there a WHQL category for that? In the real world, the owner of a computer system may decide that the risk of leaving malicious code undetected far outweighs the risk of running code bits that (by design) do not meet WHQL requirements. I am sorry, but at this point Windows 10 seems more about disempowering computer owners than about information security.

    Monday, July 27, 2015 2:10 PM