{"id":5685,"date":"2026-04-07T11:13:52","date_gmt":"2026-04-07T11:13:52","guid":{"rendered":"https:\/\/signmycode.com\/blog\/?p=5685"},"modified":"2026-04-07T11:17:32","modified_gmt":"2026-04-07T11:17:32","slug":"microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","status":"publish","type":"post","link":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","title":{"rendered":"Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-key-annoucement-mad-by-microsoft\">Key Annoucement mad by Microsoft<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft is preparing a major change to Windows that could quietly reshape how security and compatibility are balanced across the entire ecosystem. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/windows-itpro-blog\/advancing-windows-driver-security-removing-trust-for-the-cross-signed-driver-pro\/4504818\">Starting April 2026<\/a><\/em><\/strong>, Windows will begin blocking kernel drivers signed through the legacy cross-signed root program by default, replacing a decades-old trust model with a stricter, policy-driven approach centred on the <strong>Windows Hardware Compatibility Program (WHCP)<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is more than a routine update. It marks a turning point in how Windows defines trust at its most critical layer\u2014the kernel.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-this-change-matters-now\">Why This Change Matters Now<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">For a long time, Windows has allowed third-party CAs (certificate authorities) to create trust chains into the kernel through cross-signing. At that time, this model was more acceptable because flexibility and broader hardware compatibility were critical to grow the platform.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, over time, this created a long tail of implicit trust (drivers that were still valid, not because they were compliant with current standards, but because they had no explicit revocation).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>In 2021, Microsoft would deprecate this model<\/strong>; however, remnants remain in production. With the launch of Windows 11 and Windows Server 2025, Microsoft will take the next step towards removing deprecated trust paths that no longer meet current security expectations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The timing fits into a broader push, as enterprise customers have repeatedly cited reliability, fragmentation, and hidden dependencies as significant concerns; tightening kernel trust addresses all three at once.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-from-implicit-trust-to-explicit-control\">From Implicit Trust to Explicit Control<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The change at the centre of this change is a complete shift in philosophy:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Driver Policy &#8211; Old way:<\/strong> All drivers are trusted unless they do not meet the general criteria<\/li>\n\n\n\n<li><strong>Driver Policy &#8211; New way:<\/strong> No driver is trusted unless it is specifically defined to be trusted<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-new-policy\">New Policy:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Drivers that are signed according to WHCP<\/strong> will be accepted by default.<\/li>\n\n\n\n<li>There will be <strong>an allow list<\/strong> for older yet trusted drivers.<\/li>\n\n\n\n<li>There will be <strong>an option for enterprises to use WDAC<\/strong> to generate exceptions from any policy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft is moving from a passive trust-based system to an intentional trust-based system with built-in auditing and controls.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-role-of-evaluation-mode\">The Role of Evaluation Mode<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Because of the risk of enforcing the rules too quickly, Microsoft will start the policy rollout in an evaluation mode <strong>to give IT departments the chance to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identify which drivers will be blocked<\/li>\n\n\n\n<li>Collect logs of all events that are blocked from running<\/li>\n\n\n\n<li>Provide IT departments with the tools they need to determine how to phase in new policies.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This evaluation mode aligns with Microsoft\u2019s constant security philosophy of observing first and enforcing later. With the complexities of enterprise hardware environments, staged deployments of the enforcement of policies will help to mitigate any service interruptions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-the-kernel-is-different\">Why the Kernel Is Different<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Kernels carry a greater risk because they have a broader impact on security, especially if you make changes at the kernel level.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Kernel drivers directly interact with the OS, being given elevation of privilege, should an attack compromise a kernel driver:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attacker could bypass security mechanisms put in place<\/li>\n\n\n\n<li>The attacker could create a method for maintaining access on a compromised machine<\/li>\n\n\n\n<li>The attacker could ultimately degrade the overall system&#8217;s operation and stability<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">By removing these untrustworthy pathways through the kernel, Microsoft is effectively decreasing a very high-risk area to attack in the Windows OS.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/signmycode.com\/blog\/windows-baseline-security-mode-bsm-raises-the-bar-for-application-trust-and-code-signing\">Windows Baseline Security Mode (BSM) Raises the Bar for Application Trust and Code Signing<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-enterprise-impact-where-the-real-work-begins\">Enterprise Impact: Where the Real Work Begins<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Most customers won&#8217;t experience much impact from this transition, but large businesses will immediately feel it. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>For example, large businesses typically have many factors that will be affected by this change, including things such as:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The use of legacy hardware in their industrial systems<\/li>\n\n\n\n<li>The use of older drivers in their point-of-sale equipment<\/li>\n\n\n\n<li>The use of custom-built internal drivers<\/li>\n\n\n\n<li>The use of vendor software (that hasn&#8217;t been updated in many years)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">And many of these things won&#8217;t be known until something breaks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-what-it-teams-should-do-now\">What IT Teams Should Do Now?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>To prepare for this deadline of April 2026, companies should:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Review driver auditing for all endpoints<\/li>\n\n\n\n<li>Identify any dependencies on legacy cross-signed drivers<\/li>\n\n\n\n<li>Work with your vendors to obtain WHCP-compliant updates for their products<\/li>\n\n\n\n<li>Test using evaluation mode before enforcement<\/li>\n\n\n\n<li>Use WDAC overrides very sparingly for critical exceptions<\/li>\n\n\n\n<li>Prepare rollback and support plans for edge cases<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The policy should not be the biggest challenge facing your organisation; the biggest challenge is all the hidden technical debt that will be revealed when this transition is made.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-consumer-impact-mostly-invisible-occasionally-frustrating\">Consumer Impact: Mostly Invisible, Occasionally Frustrating<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">End users will most likely not see any impact from this switch since many devices today already use modern drivers compatible with Microsoft\u2019s current requirements. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>However, there are still some cases that are not standard:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Older hardware<\/li>\n\n\n\n<li>Fibre optic audio or gaming peripherals<\/li>\n\n\n\n<li>Specific equipment that was manufactured with old driver designs<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you find yourself experiencing any of the following problems, <strong>it may be due to bad drivers on your PC:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Devices do not operate correctly<\/li>\n\n\n\n<li>Features are disappearing without notice<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Windows will most likely be blamed as the cause of these or other problems rather than the underlying driver.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-whcp-as-the-new-trust-standard\">WHCP as the New Trust Standard<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The focus Microsoft has taken with the WHCP is intentional and part of the overall goal of creating a continuous validation ecosystem <strong>where drivers will be<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tested against the latest platforms<\/li>\n\n\n\n<li>Signed by Microsoft through official methods<\/li>\n\n\n\n<li>Supported through an ongoing lifecycle<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">By doing these three items, the overall ecosystem is more stable and secure, while also raising the bar on hardware vendors&#8217; requirements to comply.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-a-necessary-trade-off\">A Necessary Trade-Off<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The changes to the Windows driver models highlight a long-standing challenge faced by Windows:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-backward-compatibility-vs-forward-security\">Backward compatibility vs forward security<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">For decades, Microsoft leaned to the side of providing backward compatibility; however, this resulted in many legacy issues, such as numerous exceptions, outdated trust levels, and increased security risks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Now, Microsoft is attempting to bring balance to its decision-making process regarding this trade-off by:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Default behaviour becomes more secure<\/li>\n\n\n\n<li>Exceptions become explicit and controlled<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This will continue to present challenges with regard to backward compatibility; however, it provides a foundation for addressing these problems in a more proactive manner rather than relying on historical decisions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-risks-and-challenges-ahead\">Risks and Challenges Ahead<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The transition to this model of trust and security is fraught with risk:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>There&#8217;s a possibility that legacy hardware and software will fail in an unpredictable manner<\/li>\n\n\n\n<li>Support from vendors may not keep pace with changes in policy<\/li>\n\n\n\n<li>IT teams may not have complete visibility into what assets they are responsible for managing<\/li>\n\n\n\n<li>Overuse of &#8220;allow&#8221; lists may mask more serious issues that need to be addressed<\/li>\n\n\n\n<li>Microsoft\u2019s ability to effectively balance enforcement with flexibility will determine the success of this transitional plan.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-bigger-picture\">The Bigger Picture<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This change to kernel trust is part of a much larger shift underway at Microsoft. <strong>The company is systematically transforming Windows into a more mature model where:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Trust is built by demonstrable criteria, not affirmative action<\/li>\n\n\n\n<li>Security is embedded in defaults<\/li>\n\n\n\n<li>Exceptions are visible and manageable<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft is seeking to completely redefine the Windows platform\u2014not as a burdened legacy platform, but as one that can continue to evolve by eliminating historical anomalies, without constantly burdening future generations with historical decisions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Stay updated with the industry with our blog and secure your code with <a href=\"https:\/\/signmycode.com\/\">our trusted code signing certs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Key Annoucement mad by Microsoft Microsoft is preparing a major change to Windows that could quietly reshape how security and compatibility are balanced across the entire ecosystem. Starting April 2026, Windows will begin blocking kernel drivers signed through the legacy cross-signed root program by default, replacing a decades-old trust model with a stricter, policy-driven approach&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\">Read More <span class=\"screen-reader-text\">Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust<\/span><\/a> <\/p>\n","protected":false},"author":1,"featured_media":5686,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[641],"tags":[917,918],"class_list":["post-5685","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-windows-security","tag-cross-signed-root-program","tag-windows-kernel-trust-policy","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Microsoft is implementing New Windows Kernel Trust Policy from April 2026<\/title>\n<meta name=\"description\" content=\"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust\" \/>\n<meta property=\"og:description\" content=\"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-07T11:13:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-07T11:17:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2026\/04\/windows-kernel-policy-changes-2026.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\",\"name\":\"Microsoft is implementing New Windows Kernel Trust Policy from April 2026\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/windows-kernel-policy-changes-2026.webp\",\"datePublished\":\"2026-04-07T11:13:52+00:00\",\"dateModified\":\"2026-04-07T11:17:32+00:00\",\"description\":\"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/windows-kernel-policy-changes-2026.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/windows-kernel-policy-changes-2026.webp\",\"width\":912,\"height\":453,\"caption\":\"Windows New Kernel Trust Policy 2026\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"name\":\"SignMyCode - Blog\",\"description\":\"Code Signing News, Updates\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#organization\",\"name\":\"SignMyCode.com\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode.com\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Microsoft is implementing New Windows Kernel Trust Policy from April 2026","description":"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","og_locale":"en_US","og_type":"article","og_title":"Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust","og_description":"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.","og_url":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","og_site_name":"SignMyCode - Blog","article_published_time":"2026-04-07T11:13:52+00:00","article_modified_time":"2026-04-07T11:17:32+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2026\/04\/windows-kernel-policy-changes-2026.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","url":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust","name":"Microsoft is implementing New Windows Kernel Trust Policy from April 2026","isPartOf":{"@id":"https:\/\/signmycode.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2026\/04\/windows-kernel-policy-changes-2026.webp","datePublished":"2026-04-07T11:13:52+00:00","dateModified":"2026-04-07T11:17:32+00:00","description":"From now on, the Windows kernel will only accept drivers that are properly signed through the modern Windows Hardware Compatibility Program.","breadcrumb":{"@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#primaryimage","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2026\/04\/windows-kernel-policy-changes-2026.webp","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2026\/04\/windows-kernel-policy-changes-2026.webp","width":912,"height":453,"caption":"Windows New Kernel Trust Policy 2026"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/blog\/microsofts-new-windows-driver-security-ending-cross-signed-kernel-driver-trust#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Advancing\u202fWindows Driver\u202fSecurity: Ending Cross-Signed Kernel Driver Trust"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/blog\/#website","url":"https:\/\/signmycode.com\/blog\/","name":"SignMyCode - Blog","description":"Code Signing News, Updates","publisher":{"@id":"https:\/\/signmycode.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/blog\/#organization","name":"SignMyCode.com","url":"https:\/\/signmycode.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","contentUrl":"https:\/\/signmycode.com\/blog\/wp-content\/uploads\/2021\/10\/logo1.png","width":135,"height":86,"caption":"SignMyCode.com"},"image":{"@id":"https:\/\/signmycode.com\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/comments?post=5685"}],"version-history":[{"count":8,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5685\/revisions"}],"predecessor-version":[{"id":5698,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/posts\/5685\/revisions\/5698"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media\/5686"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/media?parent=5685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/categories?post=5685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/blog\/wp-json\/wp\/v2\/tags?post=5685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}