Attestation signing for Windows device drivers was introduced to allow a fast path for testing critical driver functionality and security fixes. For retail audiences however, our intention has always been that drivers should be signed through the Windows Hardware Compatibility Program (WHCP) release signing process creating a consistent baseline for defining a high-quality driver. Offering attestation signed drivers to non-test audiences contradicts the quality expectations Microsoft holds itself to.
Attestation Signed Driver Publishing Update
Moving forward, requests for Microsoft to publish attestation signed drivers targeting retail audiences to Windows Update are no longer supported and will be rejected upon submission. This update is specific to publishing and does not change the existing behavior of attestation signed drivers once they are loaded onto a Windows device.
Requests to publish attestation signed drivers for testing scenarios on Windows Update are still supported. To submit a publishing request with an attestation signed driver for test scenarios, configure your submission for CoDev or by selecting the restricted audience with the Test Registry Key option.
Attestation Signing Plans for Firmware Packages
Moving forward, our goal is that all packages submitted through HDC leverage the WHCP process when targeting retail audiences. This statement is also true for firmware submissions, however we recognize there are some considerations with this class of package. To accommodate this need, we are delaying this requirement specific to firmware submissions until 12/1/2023. If you have concerns about this timeline, please reach out to your Microsoft account team.
November 2023 Update
Thank you for your support in improving the security of our ecosystem through meeting the WHCP requirements. For firmware submissions, please remember that moving into December we will begin enforcing our WHCP attestation signing requirements for all device classes. If you have concerns about this timeline, please reach out to your Microsoft account team.
| WU Retail Publication |
Before Feb 1, 2023 |
Before Dec 1, 2023 |
After Dec 1, 2023 |
| Attestation signed driver** |
✓ |
X |
X |
| Attestation signed firmware |
✓ |
✓ |
X |
| HLK signed driver & firmware |
✓ |
✓ |
✓ |
** Attestation signing process will remain unchanged, the update above only affect WU publication process.
Conclusion
While we recognize that this might be disruptive for some who have grown accustomed to leveraging attestation as their signing process, our data shows that most partners are leveraging the WHCP as intended. Moving forward, this will help customers have the best experience possible when updating a driver through Windows Update.
