Is `PnpLockdown = 1` mandatory for minifilterdriver signing?

Hi All,

I may have missed something, but is specifying PnpLockdown=1 now mandatory for signing a minifilter driver? I started seeing the error message since May 13rd but never saw this before.

Error 1324 in xxx.Inf, line 3 : [Version] section should specify PnpLockdown=1 to prevent external apps from modifying installed driver files.

Failed INF validation. INF did not pass Desktop validation.

Thanks

I thought it was mandatory for years now.
Had it for quite a few in my INFs, due to this.

If you set your target platform to Universal instead of Desktop then this should just be a warning instead of an error (Project Properties->Driver Settings->Target Platform).

Though setting PnpLockdown is generally just good hygiene at this point.

Thanks @Dejan_Maksimovic and @Scott_Noone_OSR.

Sorry, I may not express my question clearly. I got this error message from the Microsoft Partner Center hardware dashboard. Yes, we have set the Target Platform to Universal for a while and it works perfect until last week. So, I’m curious if there have been any changes to the portal.

(In the end, we add PnpLockdown=1 to our INF file. And, it works now)

Thanks

Not that I know for sure but I'd say that's pretty good proof that there has been...

Yes, it's required by policy as of last fall, but enforcement in the attestation submission path was done only recently

2 Likes