Driver Signing
Driver signing associates a digital signature with a driver package.
Windows device installation uses digital signatures to verify the integrity of driver packages and to verify the identity of the vendor (software publisher) who provides the driver packages. In addition, the kernel-mode code signing policy for 64-bit versions of Windows Vista and later versions of Windows specifies that a kernel-mode driver must be signed for the driver to load.
Caution
Starting in Windows 10 and Windows Server 2016, kernel-mode drivers must be signed by the Windows Hardware Dev Center Dashboard, which requires an EV certificate. For details, see Driver Signing Policy.
Starting in Windows 10, version 1507, all drivers signed by the Hardware Dev Center are SHA2 signed. For details specific to operating system versions, see Signing requirements by version.
Kernel-mode driver binaries embed signed with dual (SHA1 and SHA2) certificates from a third party certificate vendor for operating systems earlier than Windows 10 may not load, or may cause a system crash on Windows 10 and later. To fix this problem, install KB 3081436.
In this section
- Windows 10 in S mode Driver Requirements
- Managing the Signing Process
- Signing Drivers during Development and Test
- Signing Drivers for Public Release
- Troubleshooting Install and Load Problems with Signed Driver Packages
- Microsoft Security Advisory 2880823
For general information about driver signing on Windows Vista and later versions of Windows, see the white paper Digital Signatures for Kernel Modules on Systems Running Windows Vista.