All Windows 10 Kernel Mode Drivers Must Be Digitally Signed By Microsoft

"Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal to be digitally signed by Microsoft," reads a MSDN blog post. "However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement. Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal."

Slashdot reader mikejuk quotes a report from i-programmer.info which argues "the control of what software users can run on their machines is becoming ever tighter," and compares Microsoft's proposal to an XKCD cartoon: Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed... Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607... Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected.

Not MS target demographic

[JeffOwl]

For 97% of Windows 10 users (yes, I made that figure up) this is a total non-issue. It may even be a benefit to protect them from themselves. Many can't distinguish between safe and not so safe web sites from which to download programs and such. These folks may not even know how to uninstall drivers that don't uninstall automatically when a related piece of software is uninstalled. If you are a registered developer, this isn't an issue either as MS gives you a way around it.

For the rest of us, well, there aren't enough who haven't already migrated to iOS or Linux so MS doesn't give a shit.

Re:Not MS target demographic

[Opportunist]

Same as I'll do with the rest of the hardware I make: Abuse some USB communications class and roll the logic into the hardware.

Re: Worse and worse

[Miamicanes]

I can't speak for the original Xbox, but the Xbox 360 has a pretty respectable library of indie third-party games that can be installed through Xbox Live. In fact, the third-party indie games on my 360 outnumber the retail-boxed games about 3 to 1.

Unholy Heights is a riot.

http://xbox.com/indiegames

Re: Worse and worse

[nmb3000]

Or, you know, it's to prevent viruses and other such garbage that has plagued windows for years and years, to be able to boot up with windows by masquerading as a driver?

Actually the GP is right, and Microsoft calls it out themselves:

To play back certain types of next-generation premium content, all kernel-mode components in Windows Vista and later versions of Windows must be signed. In addition, all the user-mode and kernel-mode components in the Protected Media Path (PMP) must comply with PMP signing policy.

Besides, the only way to install kernel mode drivers is to be running as administrator. If malicious code is allowed to run on your computer with administrative credentials, you're already screwed in any number of ways. Installation of a kernel driver is just one avenue.

I see nothing wrong with this.

I see everything wrong with this. Microsoft is now dictating what software can be run on my computer. That alone is enough of a reason to vehemently reject this, but think also of the F/OSS software impacted. There are plenty of software tools out there which run a driver as part of their operation and not all of these will want to or be able to get their drivers signed.

I have been trying to decide lately if I'll ever bite the bullet and move from Windows 7 to Windows 10, or if I'll start looking migrating to Linux. The decision just got a lot easier.