Query on Code signing certificate for Kernel mode drivers


We are procuring code signing certificate for signing User mode and Kernel Mode (32/64 bit device drivers) Software for all Windows OS version.

**Target Platform : ** Windows 7, 8, 10 , Windows Server 2012, Server 2016 and Server 2019

Code signing certificates can be based on SHA1 or SHA256 standard.
As per information from net, SHA256 need to be used for code signing and SHA1 will be obsolete .

We are targeting all Windows platform starting with Windows 7.
Please advise which Code signing Certificate to take i.e. SHA1 or SHA256?


Below tow links clears the code signing in windows 10 and above.

Hope this may help.


If you plan to release drivers for Windows 10, then there is no choice. You must have an EV (extended validation) certificate so you can create a Microsoft Hardware Dashboard account to get Microsoft’s signature. You can’t sign them yourself. And EV certificates are all automatically SHA256.

From clarification, I understood that SHA256 needs to be taken for signing our driver. Thank you all.

But it’s not that simple. A normal SHA256 code-signing certificate is useless in the Windows kernel world, and you cannot sign your own driver. Please re-read my message. You need an EV cert so you can get Microsoft’s signature.