Licensed Driver Signing in Windows 10

Recent releases of Windows 10 can be configured to allow self-signed kernel-mode drivers in ordinary use with Secure Boot enabled. Security is assured by an assertion of ownership: your driver must be allowed by a System Integrity policy file which you must sign with the Secure Boot Platform Key. The feature is active only in specially licensed editions, except for a contrived case that this article demonstrates.

Imagine you have bought a computer and installed Windows on to it. You figure that computers have the general purpose of running whatever programs you want and you set about writing a program of your own. After debugging and testing, you’re satisfied your code meets all the technical specifications for a Windows executable in general and for the particular Windows API functions it depends on. You’re ready to start using this program for real. You will soon throw away such crutches as Developer Mode. All you have to do is send your program to Microsoft to get a Microsoft signature that Windows on your computer will recognise as Microsoft’s permission for your program to run on your computer for your ordinary use.

Wait, you ask, what’s this about needing a Microsoft signature for running my own program on my own computer? When did permission for this become Microsoft’s to give? How is running my own software on my own computer anyone’s business but my own?

Leave a Comment