With the rollout of Windows 10 Anniversary Update (aka version 1607), Microsoft is cracking down on unsigned drivers. The software giant revealed this plan before the launch of Windows 10 but so far this rule wasn't enforced due to technical and ecosystem readiness issues. This changes with the Anniversary Update, new kernel mode drivers will need to be digitally signed or they will no longer load.
The move aims to improve security but one major drawback is that it limits a computer enthusiast's control over his/her own system.
Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.
We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software.
If you are a driver developer, here is what you need to do:
Ensure that you submit new drivers to Microsoft via the Windows Hardware Developer Center Dashboard portal.
Begin the process of getting an Extended Validation (EV) Code Signing Certificate. All drivers submitted to the portal must be signed by an EV certificate.