Windows device installation uses digital signatures to verify the integrity of driver packages and to verify the identity of the vendor (software publisher) who provides the driver packages. In addition, the kernel-mode code signing policy for 64-bit versions of Windows Vista and later versions of Windows specifies that a kernel-mode driver must be signed for the driver to load.
Note Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows Server 2016 kernel-mode drivers must be signed by the Windows Hardware Dev Center Dashboard, which requires an EV certificate. For details, see Driver Signing Changes in Windows 10.
Kernel-mode driver binaries embed signed with dual (SHA1 and SHA2) certificates from a third party certificate vendor for operating systems earlier than Windows 10 may not load, or may cause a system crash on Windows 10. To fix this problem, install KB 3081436.
In this section
- Overview of Digital Signatures for Driver Installation
- Managing the Signing Process
- Signing Drivers during Development and Test
- Signing Drivers for Public Release
- Troubleshooting Install and Load Problems with Signed Driver Packages
For general information about driver signing on Windows Vista and later versions of Windows, see the white paper Digital Signatures for Kernel Modules on Systems Running Windows Vista at the Windows Hardware Developer Central website.