Microsoft recently confirmed that, after the Anniversary Update, Windows 10 will only load kernel mode drivers digitally signed by Microsoft. Microsoft announced this change some time ago, but it managed to implement it just now with the second major update for Windows 10.
“Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the operating system, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.”
As Microsoft pointed out, the company made these changes in order to make Windows 10 more secure and avoid the additional risk of malicious software. However, this change will apply only new installations as well as computers with Secure Boot enabled.
The list of exceptions is even longer. Here’s which system setups won’t be affected by this change:
PCs upgraded to Windows 10 Build 1607 from a previous version of Windows (for instance Windows 10 version 1511) are not affected by the change.
PCs without Secure Boot functionality, or Secure Boot off, are not affected either.
All drivers signed with cross-signing certificates that were issued prior to July 29, 2015 will continue to work.
Boot drivers won’t be blocked to prevent systems from failing to boot. They will be removed by the Program Compatibility Assistant however.
The change affects only Windows 10 Version 1607. All previous versions of Windows are not affected.
However, there’s a big possibility that most of these, or even all, exceptions will only be temporary, as Microsoft is likely to introduce even more changes in the future. But, this is how things look now at the time of the Anniversary Update release.
RELATED STORIES YOU NEED TO CHECK OUT: