The PARIS Forums


Home » The PARIS Forums » PARIS: Main » Windows 10 driver signing question (What should I do? What would you do?)
Windows 10 driver signing question [message #108948] Thu, 08 October 2015 17:16 Go to previous message
mikeaudet   CANADA
Messages: 476
Registered: February 2009
Location: Canada
Senior Member
Hi All,

I have a dilemma that I think I've somewhat resolved, but I wanted to consult with the community about it because there is no perfect solution.

Windows 10 has changed the driver signing rules, and the changes aren't good.

Secure boot is a mechanism that checks that boot loader code is digitally signed. It was added in Windows 8.

For me to update the scherzo driver for windows 10 and support secure boot, I'll now have to buy an 'extended validation' security certificate that will cost about $600 Canadian per year. That's completely unfordable for me.

I'll also have to upload the driver to Microsoft servers for them to sign, and I'll have to agree to watch for telemetry data for bugs. That's a good thing if people agree to send telemetry data, but sending telemetry data is mandatory in Windows 10. I personally see mandatory data collection, that includes a list of all applications installed on a personal computer, as a serious privacy violation. I'd be participating in something I'm strongly against in its current form.

I can use the old cross certificate mechanism that Windows 7/8 used, but it will only work with Windows 10 if secure boot is disabled in the BIOS.

All PCs up until the new crop of Windows 10 logo PCs were required to have a BIOS option to turn off secure boot. With new PCs, this switch will be optional. It's possible that some new PCs will not have the ability to disable secure boot.

There's really no good option.

I've contacted Microsoft and asked for help, and they have refused.

There's also the SHA1 vs 2 change that's coming. If I get a new certificate, it will have to be SH2, which will only work on recently patched Windows 7 PCs. Windows VISTA won't load the driver, nor will older builds of Windows 7.

Basically, Microsoft sucks.

I'm leaning to getting a 3 year regular cross certificate and just not supporting secure boot on Windows 10.

What would you guys do?

All the best,

Mike

[Updated on: Thu, 08 October 2015 18:19]

Report message to a moderator

 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: What's included with driver purchase?
Next Topic: NEBULA Gurus!
Goto Forum:
  


Current Time: Sat Nov 16 04:25:18 PST 2024

Total time taken to generate the page: 0.00812 seconds