The current method up to Windows 8.1 uses a cross-signing certificate trusted by Microsoft that, together with a company certificate, can sign a new driver such that it will be accepted and loaded by Windows kernels. Beginning with Windows 10 however, a quite different approach will be used and a lot more verifications and costs will be required to get a driver signed.
In short, each new driver will need to:
- First, be digitally signed with a software signing certificate that has gone through an Extended Verification process. Such certificates take longer time to get, are more expensive and requires further verification of company registration documents and similar.
- Then, the driver needs to be sent to a web portal to be signed by Microsoft to verify that the certificate used in step 1 has not been withdrawn for whatever reason.
To use this web portal for signing, a company needs to first have been registered at Windows Dev Center Hardware Dashboard. They only accept certificates from Symantec, so my good old GlobalSign certificate is no good for it. Also, even if you could register the company there with an old Symantec Class 3 certificate, the web portal will refuse to sign drivers for Windows 10 until a Extended Verification certificate has been used to identify the company. So essentially all driver developers, it is time to buy a new and more expensive certificate...
There is some "legacy support" thing that "relaxes" this requirement for a while though.
What about existing drivers? Do I need to re-sign these drivers to get them to work with Windows 10?
No, existing drivers do not need to be re-signed. To ensure backwards compatibility, drivers which are properly signed by a valid cross-signing certificate that was issued before the release of Windows 10 will continue to pass signing checks on Windows 10.
This is interesting, because it means that one can use an old certificate to sign now before Windows 10 is finally released and that those drivers will load on final version of Windows 10 as well.
Then about testing, it looks like test signing will be accepted in a similar way as with earlier Windows versions.