is committed to implementing new ways to help restrict the spread of
malicious software. Digital signatures for kernel-mode software are an
important way to ensure security on computer systems.Digital
signatures allow the administrator or end user who is installing
Windows-based software to know whether a legitimate publisher has
provided the software package. When users choose to send Windows Error
Reporting data to Microsoft after a fault or other error occurs,
Microsoft can analyze the data to know which publishers' software was
running on the system at the time of the error. Software publishers can
then use the information provided by Microsoft to find and fix problems
in their software.
What this means for Windows Vista. To increase the safety and stability of the Microsoft
Windows platform, beginning with Windows Vista:
| • | Users who are not administrators cannot install unsigned device
drivers. |
| • | Drivers
must be signed for devices that stream protected content. This includes
audio drivers that use Protected User Mode Audio (PUMA) and Protected
Audio Path (PAP), and video device drivers that handle protected video
path-output protection management (PVP-OPM) commands. |
| • | Unsigned kernel-mode software will not load and will not run on x64-based
systems. Note:
Even users with administrator privileges cannot load unsigned
kernel-mode code on x64-based systems. This applies for any software
module that loads in kernel mode, including device drivers, filter
drivers, and kernel services. |
| • | To
optimize the performance of driver verification at boot time,
boot-driver binaries must have an embedded Publisher Identity
Certificate (PIC) in addition to the signed .cat file for the package. |
What this means
for software publishers. For vendors who publish kernel-mode software, this policy has the following effects:
| • | For
any kernel-mode component that is not already signed, publishers must
obtain and use a PIC to sign all 64-bit kernel-mode software that will
run on x64-based systems running Windows Vista. This includes
kernel-mode services software. |
| • | Publishers
who provide 64-bit device driver or other kernel-mode software that is
already signed through the Windows Logo Program or that has a Driver
Reliability Signature do not need to take additional steps— except for
the special case of boot-start drivers. |
| • | Drivers
for boot-start devices must include an embedded PIC. This requirement
applies for these devices: CD-ROM, disk drivers, ATA/ATAPI controllers,
mouse and other pointing devices, SCSI and RAID controllers, and system
devices. |
This information applies for the following operating systems:
Microsoft Windows Vista (for x64-based systems)
Microsoft Windows Server code name "Longhorn"
Included in this white paper:
| • | Introduction | • | Digital Signatures as a Best
Practice | | • | Best Practices for Code Signing through
Development, Test, and Release |
|
| • | How to Manage the Signing Process | • | How to Obtain a PIC | | • | How to Safeguard Code Signing
Keys |
|
| • | How to Disable Signature
Enforcement during Development |
| • | How to Create a Signed
Driver Package | • | How to Use a PIC to Create a Signed .cat File | | • | How to Install a Signed .cat File |
|
| • | Resources |
Future versions of this preview information will be provided in the Windows Driver Kit (WDK), under the topic "Signing Drivers for Development and Test (Windows Vista and Later)."
Collegamenti
