Kernel mode driver signing issue

Steve Chang 6 Reputation points
2021-02-25T22:31:55.307+00:00

Dear MS team, We develop kernel mode driver for our products for Windows platform. This driver then use DigiCert certificates to sign in. Microsoft has listed DigiCert certificate download link and we do follow it to get signed by Microsoft. But on this list ( https://learn.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing ), it show that the certificate download will be terminated by April,15 2021. I have checked with DigiCert and they said it is Microsoft's decision what will be next step. They can't provide this kernel-mode driver signing certificate any more. Therefore, this is to ask Microsoft if there is any guideline for kernel-mode driver signing certificate after April,15 2021. Thanks, Steve Chang

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,728 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,701 questions
Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,525 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jenny Feng 14,141 Reputation points
    2021-02-26T07:01:44.763+00:00

    @Steve Chang
    Hi,
    This Cross Certificate will expire on April 2021 and Microsoft will not be issuing trusted Cross Certificates for this purpose anymore.
    You will need to follow the new Kernel Mode driver signing process which requires an EV Code Signing Certificate. OV/ Standard Code Signing using the Cross Certificate will no longer be applicable.
     
    Registration for the Microsoft Hardware Program is required, this can be done in the Microsoft Hardware Dev Center. This way you can register your EV Certificate for further use in signing Kernel Mode driver packages.
    Driver packages signed with the registered EV Certificate can then be submitted using signtool.exe.

    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Cymon Kilmer -MSFT 801 Reputation points
    2021-02-28T18:36:04.7+00:00

    Please review the documentation here that explains more about the EV cert and where to obtain it.
    https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate