Microsft Vista x64 Mandatory Driver Signing (Update)

In an earlier article I made a mistake. I told that Microsoft Vista x64 will only work with signed drivers and assumed (wrongly) that this means every driver has to go through the WHQL program for getting a signature of Microsoft’s driver quality program, which would be a quite costly process.

I now discovered an older (German) blog-article by Daniel Melanchton, in which he points out that only a digital signature with a certificate from a trusted CA is required. It seems that it is not required to go through the WHQL process, you just need a certificate. The trusted CAs seem to comprise most root authorities also accepted by Internet Explorer by default, so driver developers are not dependent on Microsoft for getting a signature.

While this still might be a problem for some established Open Source drivers, it is still an affordable and in my opinion useful approach, as digital signatures at least in most ways make the originator of a software known. Of course, this does not tell anything about the quality of the software nor if it is benign or malware. Microsoft’s approach seems to be that without force hardly any publisher will sign their drivers. Unfortunately, they might be true…

Update 2007-02-21: It seems that I still missed one point. The “Secure Media Path” depends on a valid Microsoft signature. Without this signature, drivers are supposed to disable the “Secure Media Path”, so that high-quality (e.g. HDTV, Dolby 7.1) multimedia content is rendered to lower quality.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.