Windows 10 Version 1607 Changes Driver Signing Policy
Subject: General Tech | August 1, 2016 - 06:33 PM | Scott Michaud
Tagged: windows 10, microsoft
Remember, folks, that “the road to Hell is paved with good intentions”. Microsoft has been trying to shed their stigma as a giant source of malware, but all solutions have side-effects, and those side-effects can have damaging consequences. When you believe that you or someone else is doing good, that is when you should be extra cautious, not less. It's a source of complacency.
With tomorrow's Windows 10 Anniversary Update, Microsoft will require kernel-mode drivers to be signed by them on systems with Secure Boot enabled. This change will not affect PCs that have been upgraded from a previous version of Windows, including Windows 10 1507 and Windows 10 1511. That said, this could be a concern for those (like me) who are planning to clean install soon.
To me, this doesn't look like it will be that big of a deal. Hobbyists should be able to manage with either disabling Secure Boot, if their system allows it, or by fitting their driver around the user-mode framework. It might cause an issue with hotfix graphics drivers, though, which are pushed out before getting signed by Microsoft.
Also, if Microsoft changes their driver signing policy in the future, then this
is could be (Update @ 7:30pm ET: original verbage was a little too strong) huge leverage against anyone attempting to circumvent it (such as implementing a graphics API that outperforms whatever DirectX version they have at the time -- see how Vulkan is not allowed on MacOSX). Even if you trust Microsoft now, you need to think about what Microsoft in 10+ years can do if they choose to.