Microsoft has just published a new Channel 9 Video that explains many of our long-standing questions about driver signing. The video was made during last month’s PlugFest that took place at MSFT.
The basic policy is “New drivers must be signed by Microsoft” — This will be enforced starting in Windows Anniversary Edition (RS1) and Server 2016. Everything else is an exception to this rule.
So, what are the exceptions? They are:
- Old drivers signed with a certificate issued prior to 29 July 2015 will work if cross-signed.
- Systems that are upgraded will work with drivers that are cross-signed.
- If Secure Boot is OFF, drivers with cross-signing will work.
- There will be a registry key (designed for use during testing) to allow cross-signed drivers to load even on systems with Secure Boot enabled. No, the registry key has not been announced yet.
For Windows Client systems, you can use Attestation Signing to be able to load your drivers on Win10 Anniversary Update. And yes… this will work even on systems that have Secure Boot enabled.
For Windows Server systems, Attestation Signing is not an option. As we’ve been hearing for quite a long time, if you want to run on Windows Server 2016 systems (and you don’t fit one of the exceptions listed previously) you will need to pass the HLK tests.
Watch the video. It’s got a lot more detail than the above, especially lots of good stuff about Server 2016 requirements, Azure, and storage testing requirements. Very good stuff, and sort of boring, but well worth the hour it’ll take you to watch the entire video.
Again, here’s the link:
[…] some definitive guidance from Microsoft on Driver Signing for Redstone 1 and Server 2016. See this blog post for a summary of the details. This information supersedes the following guidance, which largely […]
[…] signing requirements for RS1 (Windows Anniversary Update) and Windows Server 2016 can be found in our recent blog post on this subject. This appears to be the definitive word… until we hear […]
[…] OSR, 2016-06-02, Driver Signing — More Details Emerge. https://www.osr.com/blog/2016/06/02/driver-signing-details-emerge/ […]
[…] as possible but this is important. You’ll find a whole truck-load of articles on MSDN and the general interwebz. Everybody is talking about the new requirements for signing for Windows 10 Anniversary […]