Have any of you seen this gem yet?
If I read this correctly, and it's not entirely clear that I am, it looks to me like Microsoft finally intends to terminate the option to sign drivers using the cross-certificate technique, which today is still quite useful for systems with Secure Boot turned off. But they are not doing so by closing a loophole in new kernels, which would be sensible. Instead, it looks like they are shutting down the entire "Microsoft Code Verification Root" CA, thereby making it impossible to cross-sign driver packages at all.
To me, this look like yet another example of the Redmond bubble, in which people don't have to live in the Real World. In the Real World, MANY of us are still writing drivers that have to run on Windows 7, 8, and 8.1, where attestation signing is entirely useless and cross-signing is required.
If I am reading this right, and I invite those with Microsoft contacts to correct me I'm wrong, then I can only hope that an industry outcry will once again convince them that major policy decisions cannot be made in a bubble.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Writing WDF Drivers||21 Oct 2019||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|
|Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||27 Apr 2020||OSR Seminar Space & ONLINE|