In the Windows context, driver signing refers to Microsoft's requirements that device driver binaries be signed with a certificate whose provenance Microsoft trusts, e.g. Authenticode.
In the Windows context, driver signing, a form of code signing, refers to Microsoft's requirements that device driver binaries be signed with a certificate whose provenance Microsoft trusts, e.g. Authenticode. All recent versions of Windows require such a signature in order to easily or programmatically install a driver. Different versions of Windows have different requirements for installing an unsigned driver, but have in common that Microsoft provides no means to programmatically install a driver that is not signed.
One example of this process is the behavior of 64-bit versions of Windows Vista and 7: these versions allow only signed drivers to be installed in kernel mode. Because code executing in kernel mode enjoys wide privileges on the system, the signing requirement aims to ensure that only code with known origin execute at this level. In order for a driver to be signed, a developer must obtain an Authenticode certificate with which to sign the driver. Authenticode certificates can be obtained from certificate authorities trusted by Microsoft. Microsoft trusts the certificate authority to verify the applicants identity before issuing a certificate. If a driver is not signed using a valid certificate or if the driver was signed using a certificate which has been revoked by Microsoft or the certificate authority, Windows will refuse to load the driver.
- Microsoft's Driver Signing Requirements page
