Consequently, this system was deprecated in 2021, and all certificates have since expired. Nonetheless, third-party drivers signed by this system are still “broadly trusted,” Microsoft says.
The latest kernel trust policy will apply to Windows 11 24H2, 25H2, 26H1, and Windows Server 2025, and all future versions will implement it, because, Peter Waxman, a gaggle program manager at Microsoft, writes in a blog post, “drivers are a critical a part of the Windows ecosystem, and ensuring their integrity is crucial to providing a secure and trustworthy environment.”
Nonetheless, in its initial evaluation mode, Microsoft will monitor and audit driver loads to check for compatibility issues should cross-signed drivers be blocked. Systems will remain in evaluation mode until they meet specific runtime (100 hours) and boot-start (2-3 restarts) scenarios. If all drivers loaded in the course of the evaluation period are trusted, the policy prompts, but when any cross-signed drivers are audited that will not pass the brand new kernel trust policy, the system stays in evaluation mode until those drivers are not any longer audited.