Changes to Kernel Trust Policy in Windows Ecosystem
In a significant shift for the Windows ecosystem, Microsoft has announced the enforcement of a new kernel trust policy that will affect Windows 11 24H2, 25H2 and 26H1 as well as Windows Server 2025. The policy responds to the growing need for stronger security and integrity within the operating system, as emphasized by Peter Waxman, a group program manager at Microsoft. He noted in a recent blog post that “drivers are a critical part of the Windows ecosystem, and ensuring their integrity is essential to providing a secure and trustworthy environment.”
The kernel trust policy comes in the wake of the deprecation of a previous program in 2021, which led to the expiration of all associated certificates. Despite this, Microsoft reassures users that third-party drivers signed by the now-defunct program continue to be “broadly trusted.”
As part of the implementation process, Microsoft will initially place systems in an evaluation mode. During this phase, the company will closely monitor and audit driver loads to identify any compatibility issues that may arise if cross-signed drivers are blocked. The evaluation mode will persist until specific conditions are met, which include:
- A runtime of 100 hours
- 2-3 boot-start restarts
If every driver loaded during this evaluation period is deemed trustworthy, the new kernel trust policy will be activated. Conversely, should the audit flag any cross-signed drivers that do not comply with the new policy, the system will remain in evaluation mode until those drivers have been addressed.
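An administrator preparing for enforcement will want to know, before evaluation mode decides for them, which drivers on a machine are signed by someone other than Microsoft. The following PowerShell script is an added example for this article, not code from Microsoft's post or from Windows itself: it enumerates the drivers the system knows about via `Win32_SystemDriver`, resolves each image path, checks its Authenticode signature, and flags anything that is validly signed but whose signer subject is not Microsoft. The function names `Resolve-DriverPath` and `Get-DriverSignatureReport` are this example's own, and the signer-subject heuristic is an assumption used for triage; it is not the exact logic the kernel trust policy applies when deciding what counts as cross-signed, so flagged entries are candidates to investigate, not a verdict.

```powershell
# Added example (not Microsoft's code): inventory kernel drivers and flag those
# whose Authenticode signer is not Microsoft, as a pre-enforcement triage aid.
# The "O=Microsoft Corporation" subject test is an assumption for triage only.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName appears in several spellings
    # (\SystemRoot\..., \??\C:\..., system32\...); normalize to a Win32 path.
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverSignatureReport {
    param([switch]$LoadedOnly)   # -LoadedOnly restricts the report to drivers in the Running state
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    if ($LoadedOnly) { $drivers = $drivers | Where-Object { $_.State -eq 'Running' } }

    foreach ($d in $drivers) {
        $path = Resolve-DriverPath $d.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            # A registered driver whose image cannot be found deserves a look on its own.
            [pscustomobject]@{
                Name = $d.Name; State = $d.State; Path = $d.PathName
                Status = 'FileNotFound'; Signer = $null; Flag = 'Investigate'
            }
            continue
        }

        # Get-AuthenticodeSignature covers embedded and catalog signatures on modern Windows.
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        if ($sig.Status -ne 'Valid') {
            $flag = 'Unsigned-or-Invalid'
        } elseif ($subject -match 'O=Microsoft Corporation') {
            # Heuristic (assumption): Microsoft-issued signatures, including attestation
            # and WHQL signatures, carry a Microsoft subject.
            $flag = 'Microsoft'
        } else {
            # Validly signed by a non-Microsoft subject: candidate cross-signed driver.
            $flag = 'ThirdParty-Check'
        }

        [pscustomobject]@{
            Name = $d.Name; State = $d.State; Path = $path
            Status = $sig.Status; Signer = $subject; Flag = $flag
        }
    }
}

# Usage: show only running drivers that are not Microsoft-signed or have a problem.
Get-DriverSignatureReport -LoadedOnly |
    Where-Object Flag -ne 'Microsoft' |
    Sort-Object Flag, Name |
    Format-Table Name, State, Status, Flag, Signer -AutoSize
```

Run it from an elevated prompt so every driver image is readable. Anything reported as `ThirdParty-Check` is where to start when the article's audit phase raises compatibility questions: obtain a current, Microsoft-signed build of that driver from the vendor before the 100-hour window and the boot-start restarts are used up, rather than waiting for enforcement to block it.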