Hello all!
I’m working on the diagnostic product that loads a kernel-mode driver during the execution.
According to https://www.osr.com/nt-insider/2015-issue2/driver-signing-windows-10/ and https://www.osr.com/blog/2015/12/29/recommendations-driver-signing-windows-10-otherwise/ I expected that our product will need an attestation signing by Microsoft portal.
So, we got Digicert EV code signing certificate issued October 23, 2016. Since our product will work on any Windows version, I signed and cross-signed our driver with above certificate. Then I tried to load our product w/o Microsoft signature to compare system behavior before and after attestation signing by Microsoft.
To my great surprise driver signed with Digicert certificate and without Microsoft signature loads just fine on both of my test machines: the BIOS system running Build 14393 Enterprise and UEFI system with Secure Boot running Build 14393 Pro.
Do anyone understand what happens? I considered that starting from Anniversary Update Windows 10 will support only drivers signed by Microsoft. Is this policy changed? Or this policy applies to PnP drivers only? Still I need to sign drivers by Microsoft?
Thank you in advance for any clarification.
Alexei