In the past, Customers signing software or drivers that were to be executed in Windows Kernel Mode, could use any GlobalSign Code Signing Certificate along with the Microsoft Cross Certificate linking back to the GlobalSign Root R1.
This Cross Certificate will expire on April 2021 and Microsoft will not be issuing trusted Cross Certificates for this purpose anymore.
Moving forward, Microsoft’s newest process requires registering to the Microsoft Hardware Program. Registration for the Hardware Program is accessible through the Hardware Dev Center.
Please note that Microsoft allows registration only when signing a file provided by Microsoft with an Extended Validation (EV) Certificate. The signed file must be uploaded as part of the registration process. This way that EV Certificate is registered and uniquely linked to the account in the Hardware Dev Center.
Customers are advised to register for the Windows Hardware Program before the expiration of the Kernel Mode Code Signing (KMCS) Cross Certificate and from then on follow the signing process required by Microsoft. A FAQ by Microsoft regarding all those changes can be found here.
Registration for the Microsoft Hardware Program is required, this can be done in the Microsoft Hardware Dev Center. This way you can register your EV Certificate for further use in signing Kernel Mode driver packages. Driver packages signed with the registered EV Certificate can then be submitted using signtool.exe.