We accidentally installed a cross-signed and then attestation-signed legacy driver on (a fully updated) Windows 7 ... and to our surprise it loaded! It was cross-signed first and then attestation-signed. I expected the attestation signature to invalidate the cross signature, thus rendering the driver unusable on Windows 7.
Why did this work?
Principal Software Engineer