View Single Post
  #3  
Old 01-26-2023, 19:43
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 324
Rept. Given: 0
Rept. Rcvd 276 Times in 98 Posts
Thanks Given: 0
Thanks Rcvd at 308 Times in 95 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
Microsoft defined one point in time (I think it was June 1st, 2016) and starting with Windows 10 version 1607, the following restrictions apply to kernel mode drivers without a signature from "Microsoft Windows Hardware Compatibility Publisher":
  • If the signing certificate expired before June 1st, 2016, the driver is allowed to load.
  • If the signing certificate became valid before June 1st, 2016 and expired after June 1st, 2016, the timestamp of the signature is checked to decide if the driver is allowed to load.
  • If the signing certificate became valid after June 1st, 2016, the driver is always denied to load.
For obvious reasons you cannot get any new certificate which expires before June 1st, 2016, so you are required to have a signature from Microsoft for any drivers you want to distribute.

Even if you had an old certificate, it would be a SHA1 certificate, but since 2022 all drivers are required to have a SHA256 signature on Windows 10/11/2019/2022. (and that old certificate would probably be "leaked" and any file signed with it would get instantly deleted by anti-virus, so you couldn't even use in on 32-bit Windows 7/8/8.1)
Reply With Quote
The Following 4 Users Say Thank You to Kerlingen For This Useful Post:
niculaita (01-30-2023), Stingered (01-27-2023), tonyweb (01-29-2023), yoza (01-26-2023)