
Microsoft is now enforcing its rule banning unsigned Windows 10 kernel mode drivers

Microsoft announced last week that starting with Windows 10, version 1607, the operating system will refuse to load any new kernel mode drivers that are not signed by the Windows Hardware Developer Center Dashboard portal, or Dev Portal. To be clear, new installations of this version of Windows 10 will enforce the new driver signing rule, whereas older versions of Windows 10 upgrading to 1607 will not be affected by the change.

Microsoft actually made changes to the driver signing rule with the launch of Windows 10 back in July 2015. The company said from that point on, all new Windows 10 kernel mode drivers must be submitted to and digitally signed by the Dev Portal. If they were not, Windows 10 reportedly wouldn’t load those new kernel drivers.

However, as the company pointed out last week, the new driver signing change wasn’t really enforced up until now due to “technical and ecosystem readiness issues.” Thus, the change remained as a mere policy statement and wasn’t enforced by the Windows Code Integrity component of Windows 10, which validates the integrity of a driver or system file.

For developers, Microsoft described two steps that must take place to push new drivers to Windows 10. First, they must submit the drivers to Microsoft via the Dev Portal. Next, they need to begin the process of getting an Extended Validation (EV) Code Signing Certificate. All drivers submitted to the Dev Portal must have this EV certification no matter what operating system version the developer plans to support with their driver package.

Additionally, developers wanting to get a driver that’s signed for all versions of Windows between Vista and Windows 10 must run the HLK tests for Windows 10, and the HCK tests for Windows 8.1 and earlier. After that, developers can use the Windows 10 HLK to merge the two test logs and submit those results to Microsoft along with the driver in question.

As for existing drivers, developers are not required to have them re-signed for Windows 10 1607 and newer. “To ensure backwards compatibility, drivers which are properly signed by a valid cross-signing certificate issued prior to July 29th, 2015, will continue to pass signing checks on Windows 10, version 1607,” Microsoft states.
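An audit along the lines of the rule quoted above, as an added example that is not code from Microsoft or from the original article: it lists the system drivers installed on a machine and sorts them by who signed them and whether the publisher certificate predates July 29, 2015. The signer name `Microsoft Windows Hardware Compatibility Publisher`, the use of the certificate's `NotBefore` date as its issue date, and the helper name `Get-DriverSigningClass` are assumptions of this example; it does not reproduce the decision Code Integrity itself makes.

```powershell
# Added example: classify installed system drivers by signer (run on Windows 10).
# Assumption: the certificate's NotBefore date stands in for "issued prior to July 29th, 2015".
$cutoff = [datetime]'2015-07-29'
# Assumption: signer name carried by drivers signed through the Dev Portal.
$portalSigner = 'Microsoft Windows Hardware Compatibility Publisher'

function Get-DriverSigningClass {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    $class = if ($sig.Status -ne 'Valid' -or -not $cert) {
        'No valid signature found'
    } elseif ($cert.Subject -like "*CN=$portalSigner*") {
        'Signed through the Dev Portal'
    } elseif ($cert.Subject -like '*O=Microsoft Corporation*') {
        'Other Microsoft signature'
    } elseif ($cert.NotBefore -lt $cutoff) {
        'Publisher certificate predates the cutoff'
    } else {
        'Publisher certificate issued on or after the cutoff: review'
    }

    [pscustomobject]@{
        Path      = $Path
        Status    = $sig.Status
        Signer    = if ($cert) { $cert.Subject } else { $null }
        NotBefore = if ($cert) { $cert.NotBefore } else { $null }
        Class     = $class
    }
}

Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # Some entries carry an NT-style \??\ prefix; strip it before testing the path.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        if (Test-Path -LiteralPath $path) { Get-DriverSigningClass -Path $path }
    } |
    Sort-Object Class, Path |
    Format-Table Class, NotBefore, Path -AutoSize
```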

So what does all of this mean for the end user? A more secure environment. Thanks to this enforced rule, Windows 10 will prevent users from unknowingly installing malicious driver software that could in turn load malicious apps or programs, give a hacker remote control, and open a doorway to sensitive files and data, like passwords and bank account information.

According to Microsoft, the new driver signing change also reduces the risk of lost or stolen driver signing keys from the publisher. The change even ensures that driver publishers are “strongly authenticated,” thus fortifying the secure foundation of Windows 10 as a whole.

Kevin Parrish
Former Digital Trends Contributor