Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Has MSFT really pulled the plug?
This is what digicert says:
On August 1, 2019, Microsoft announced the Microsoft Trusted Root Program is ending support for cross-signed root certificates with kernel-mode signing capabilities. In 2021, most of the cross-signed certificates expire.
When the cross-signed certificate that your code signing certificate is chained to expires, you will no longer be able to create new > kernel-mode digital signatures. This affects all version of Windows. To learn more about Microsoft's deprecation plans for kernel-mode digital signatures, see Deprecation of Software Publisher Certificates, Commercial Release Certificates, and Commercial Test Certificates.
Note: All existing cross-signed root certificates with kernel-mode signing capabilities continue to work until they expire. See Expiration dates of DigiCert brand trusted cross-signed certificates below._
Upcoming OSR Seminars | ||
---|---|---|
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
Writing WDF Drivers | 7 Dec 2020 | LIVE ONLINE |
Internals & Software Drivers | 25 Jan 2021 | LIVE ONLINE |
Developing Minifilters | 8 March 2021 | LIVE ONLINE |
Comments
verify with the Dashboard, but will now have to sign drivers via the
dashboard, or they won't load?
On 6/29/20, Mark_Roddy wrote:
> OSR https://community.osr.com/
>
> Mark_Roddy started a new discussion: Digicert won't even sell me a kernel
> code signing cert anymore.
>
> Has MSFT really pulled the plug?
>
> This is what digicert says:
>
> On August 1, 2019, Microsoft announced the Microsoft Trusted Root Program is
> ending support for cross-signed root certificates with kernel-mode signing
> capabilities. In 2021, most of the cross-signed certificates expire.
>
> When the cross-signed certificate that your code signing certificate is
> chained to expires, you will no longer be able to create new > kernel-mode
> digital signatures. This affects all version of Windows. To learn more about
> Microsoft's deprecation plans for kernel-mode digital signatures, see
> Deprecation of Software Publisher Certificates, Commercial Release
> Certificates, and Commercial Test Certificates.
>
> Note: All existing cross-signed root certificates with kernel-mode signing
> capabilities continue to work until they expire. See Expiration dates of
> DigiCert brand trusted cross-signed certificates below._
>
> https://knowledge.digicert.com/alerts/Kernel-Mode
>
> --
> Reply to this email directly or follow the link below to check it out:
> https://community.osr.com/discussion/292176/digicert-wont-even-sell-me-a-kernel-code-signing-cert-anymore
>
> Check it out:
> https://community.osr.com/discussion/292176/digicert-wont-even-sell-me-a-kernel-code-signing-cert-anymore
>
Yeah that is my take on it too. Must have EV cert for dashboard, can only get a production signing through dashboard.
I assumed this ill-conceived policy would die under the crush of industry pressure. I'm glad I'm nearing retirement.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
people willing to provide driver certification as a service.
Mark Roddy
On 6/29/20, Tim_Roberts wrote:
> OSR https://community.osr.com/
> I assumed this ill-conceived policy would die under the crush of industry
> pressure. I'm glad I'm nearing retirement.
> --
Kind regards, Dejan Maksimovic.
FS Lead: http://www.alfasp.com
It is still not so bad as for MacOS. With new macOS to be released soon user need to boot in to “safe mode” and explicitly switch os to “reduced security” mode to be able to load third-party kernel extensions at all. In comparison to that windows is still relatively open platform for kernel mode development.
Not that I am support this locking down.
MacOS is the worst, when it comes to syste, software development. Crazy annoying.
Peter
Peter Viscarola
OSR
@OSRDrivers