Updated Attestation Signed Driver Publication Requirements

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Attestation signing for Windows device drivers was introduced to allow a fast path for testing critical driver functionality and security fixes. For retail audiences however, our intention has always been that drivers should be signed through the Windows Hardware Compatibility Program (WHCP) release signing process creating a consistent baseline for defining a high-quality driver. Offering attestation signed drivers to non-test audiences contradicts the quality expectations Microsoft holds itself to.

 

Attestation Signed Driver Publishing Update

Moving forward, requests for Microsoft to publish attestation signed drivers targeting retail audiences to Windows Update are no longer supported and will be rejected upon submission. This update is specific to publishing and does not change the existing behavior of attestation signed drivers once they are loaded onto a Windows device.

 

Requests to publish attestation signed drivers for testing scenarios on Windows Update are still supported. To submit a publishing request with an attestation signed driver for test scenarios, configure your submission for CoDev or by selecting the restricted audience with the Test Registry Key option.

 

Attestation Signing Plans for Firmware Packages

Moving forward, our goal is that all packages submitted through HDC leverage the WHCP process when targeting retail audiences. This statement is also true for firmware submissions, however we recognize there are some considerations with this class of package. To accommodate this need, we are delaying this requirement specific to firmware submissions until 12/1/2023. If you have concerns about this timeline, please reach out to your Microsoft account team.

 

Conclusion

While we recognize that this might be disruptive for some who have grown accustomed to leveraging attestation as their signing process, our data shows that most partners are leveraging the WHCP as intended. Moving forward, this will help customers have the best experience possible when updating a driver through Windows Update.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.