Windows device installation uses digital signatures to verify the integrity of driver packages and to verify the identity of the vendor (software publisher) who provides the driver packages. In addition, the kernel-mode code signing policy for 64-bit versions of Windows Vista and later versions of Windows specifies that a kernel-mode driver must be signed for the driver to load.
Note Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows Server 2016 kernel-mode drivers must be signed by the Windows Hardware Dev Center Dashboard, which requires an EV certificate. For details, see Driver Signing Policy.
All drivers for Windows 10 (starting with version 1507, Threshold 1) signed by the Hardware Dev Center are SHA2 signed. For details specific to operating system versions, see Signing requirements by version.
Kernel-mode driver binaries embed signed with dual (SHA1 and SHA2) certificates from a third party certificate vendor for operating systems earlier than Windows 10 may not load, or may cause a system crash on Windows 10. To fix this problem, install KB 3081436.
In this section
- Overview of Digital Signatures for Driver Installation
- Windows 10 in S mode Driver Requirements
- Managing the Signing Process
- Signing Drivers during Development and Test
- Signing Drivers for Public Release
- Troubleshooting Install and Load Problems with Signed Driver Packages
- Microsoft Security Advisory 2880823
For general information about driver signing on Windows Vista and later versions of Windows, see the white paper Digital Signatures for Kernel Modules on Systems Running Windows Vista.