Why isn't Windows 10 1607 rejecting my driver?

0

2

I have built my own version of the OpenVPN TAP driver (NDIS5) and have to package it with my application. From the Anniversary Update of Windows 10 (1607), Windows is supposed to reject the signature of kernel-mode drivers NOT signed by Microsoft except in certain circumstances.

The driver is correctly signed with a new EV cert from DigiCert. It's a new installation of Windows 1607, not an update. Secure Boot is on. Why is Windows accepting it?

From the Microsoft docs, I had expected to have to go through the hardware developer portal to have my driver approved by Microsoft.

https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/

Avram

Posted 2016-08-19T03:10:41.850

Reputation: 1

Ask it as a comment in the blog. – magicandre1981 – 2016-08-19T04:26:36.183

So when was the certificate issued? – Ramhound – 2016-08-19T10:03:13.757

@Ramhound it's a brand new cert. – Avram – 2016-08-22T01:38:51.073

Answers

0

I figured it out. There's an exception for drivers signed with a Cross Signing Cert that was issued before July 29th 2015. Although my EV cert is brand new, the cross signing cert comes from the root CA cert, in our case DigiCert, which was issued in 2011.

Avram

Posted 2016-08-19T03:10:41.850

Reputation: 1
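
An added example, not part of the original question or answer: a PowerShell script that lists every certificate embedded in a driver's signature with its issue date, compared against the July 29th 2015 date mentioned in the answer. The file path is a placeholder, and the script only reports dates; it does not decide which certificate in the chain Windows evaluates.

```powershell
param(
    # Placeholder path: point this at your own signed .sys or .cat file.
    [string]$Path = 'C:\path\to\driver.sys'
)

# Cut-off date quoted in the answer above.
$cutoff = [datetime]'2015-07-29'

# Overall Authenticode status and the end-entity (signer) certificate.
$sig = Get-AuthenticodeSignature -FilePath $Path
$signer = $sig.SignerCertificate
if ($null -eq $signer) {
    throw "No signer certificate found for $Path (status: $($sig.Status))."
}
"Signature status: $($sig.Status)"

# Import every certificate carried in the file's signature block,
# including any cross-certificate that was added at signing time.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
try {
    $certs.Import($Path)
}
catch {
    # A catalog-signed driver has no embedded signature in the .sys itself.
    throw "Could not read embedded certificates from $Path. For a catalog-signed driver, pass the .cat file instead."
}

$certs | Sort-Object NotBefore | ForEach-Object {
    # Cross-certificates for kernel-mode signing are issued by
    # "Microsoft Code Verification Root"; use the issuer name to tag them.
    $role = 'other (intermediate or timestamp)'
    if ($_.Thumbprint -eq $signer.Thumbprint) {
        $role = 'signer'
    }
    elseif ($_.Issuer -like '*Microsoft Code Verification Root*') {
        $role = 'cross-certificate'
    }

    [pscustomobject]@{
        Role         = $role
        Subject      = $_.GetNameInfo('SimpleName', $false)
        Issuer       = $_.GetNameInfo('SimpleName', $true)
        NotBefore    = $_.NotBefore.ToString('yyyy-MM-dd')
        BeforeCutoff = ($_.NotBefore -lt $cutoff)
    }
} | Format-Table -AutoSize
```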