In the latest shocker to hit the driver development community, it seems that Microsoft has decdied that only signed drivers will be loadable on 64-bit Windows Vista systems.
In a paper released today (19 January) on the WHDC website Microsoft indicated that for Windows Vista "unsigned kernel-mode software will not load and will not run on x64-based systems." This is in addition to the fact the users without administrator privilege, on any Vista system (32-bit or 64-bit) will not be able to load unsigned drivers.
These announcements, which took most of the driver development community by surprise, follow closely last month's announcement that KMDF would not run on Windows 2000 systems. While the KMDF decision is being "reconsidered" according to Microsoft sources, we can't imagine the same happening for Vista driver signing.
Note that Microsoft's statements do not mean that drivers must pass WHQL testing to be loaded. While getting the Design For Windows logo by passing the WHQL tests is one option, developers can obtain a Publisher Identify Certificate (PIC) from Microsoft and use that to sign their code. Prerequisite to obtaining a PIC is an organization having a Class 3 Commercial Software Publisher Certificate issued by Verisign. What? Your org doesn't use Verisign for their PKI infrastructure? Apparently that's just too bad. The necessary certification is only $500 (valid for a year), which shouldn't present a burden for most companies.
With bombshells like this one being dropped only months before Vista's release, we can't wait to see what the next few months will bring.
I'm surprised there seems to be so much acceptance of this.
I can understand having an option to reject unsigned kernel mode code that administrators can choose to employ, but for MS to tell me what I can and can't run on my own PC...That's not right.
I've written a driver for a piece of hardware whose manufacturer is long gone. Now MS is telling me that if I want to run this driver on my PC in Vista x64, I have to pay hundreds of dollars to Verisign each year?
Be careful. The road we're on likely ends with future versions of Windows requiring _all_ code to be signed. That'll have chilling effects on open source, independent and shareware developers.