To align with the Windows operating system SHA-2 Code Signing Support requirement notice (Support article 4472027), Microsoft Hardware Partner Center will be moving to sign everything using the more secure SHA-2 algorithm exclusively.
Starting in late 2019, Hardware Partner Center will be implementing the following changes.
Legacy Windows code signing services will be retired for the following operating systems as they are no longer in support.
Windows Server 2003
Windows Vista Client
Windows Vista Client x64
All other in scope OS submission workflows (ie: Test-signing, WLK, HCK, and HLK) will be signed with SHA-2 only (binaries and catalog)
Windows Server 2008 R2 Windows Server 2008
Windows Server 2008 x64
Attestation, UEFI & LSA signing is unaffected and already exclusively uses SHA-2.
Drivers signed after this date may require the Security updates outlined in “Support article 4472027” for them to load.
Shipping Labels and Windows Update:
Previously published Windows Updates that include a SHA-1 code-sign signature will continue to be trusted by Windows and will remain available.
New and edited Windows Update shipping labels that are created after this change will only be available to systems that are running the required security updates detailed in Support article 4472027.
How will Partner Center sign my binaries and catalog (.CAT) after this change?
Windows 7/Server 2008 R2 and lower
Will Hardware Partner Center still accept binaries that are signed with SHA-1 or that include a SHA-1 PE signature?
YES. There is no change from how things are currently processed.
Will Hardware Partner Center start accepting SHA-2 signed binaries for submissions that target Windows 7 and lower after this change?
YES. Starting in November 2019
For Partner Center Dashboard and Driver Submission support, please open a support ticket via: https://go.microsoft.com/fwlink/?linkid=2038065 Be sure you are signed in using the same user account used on Partner Center. Select Contact us, Dashboard issue, and then Hardware submissions & signing (all OS version) from the drop-down.
For questions about OS behavior or other OS and driver interoperability questions refer to the support article.