In the past, Customers signing software or drivers that were to be executed in Windows Kernel Mode, could use any GlobalSign Code Signing Certificate along with the Microsoft Cross Certificate linking back to the GlobalSign Root R1.
This Cross Certificate will expire on April 2021 and Microsoft will not be issuing trusted Cross Certificates for this purpose anymore.
Moving forward, Microsoft’s newest process requires registering to the Microsoft Hardware Program. Registration for the Hardware Program is accessible through the Hardware Dev Center.
Please note that Microsoft allows registration only when signing a file provided by Microsoft with an Extended Validation (EV) Certificate. The signed file must be uploaded as part of the registration process. This way that EV Certificate is registered and uniquely linked to the account in the Hardware Dev Center.
Customers are advised to register for the Windows Hardware Program before the expiration of the Kernel Mode Code Signing (KMCS) Cross Certificate and from then on follow the signing process required by Microsoft. A FAQ by Microsoft regarding all those changes can be found here.
I currently use a GlobalSign Code Signing Certificate for Kernel Mode driver signing, how am I affected?
I’m currently signing drivers for execution in Kernel Mode with a Code Signing Certificate, what should I do?
How is software signed before the expiration of the Microsoft Cross Certificate affected?