Microsoft deprecated cross-signing certificates; however, it's not clear from the docs what the new procedure is.

From the docs above, MS is the sole provider, but their support claims you can still get one from other vendors (e.g. Digicert, Globalsign, etc.).

Does anybody know what the process is for signing production kernel drivers for Windows 11 & 10?

Any help would be appreciated, Thanks!


I haven't done it myself, but if you want to make a kernel module for Windows 10 or 11 I think you're supposed to use "attestation signing". The page you linked to has a link named "attestation signing" that goes here:

https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/attestation-signing-a-kernel-driver-for-public-release

Basically you make a driver, sign it with an EV certificate from a certificate authority, and then you submit to be checked and signed by Microsoft using a website called the "Hardware Developer Center Dashboard portal". I have also seen Microsoft use some other names for the website: "Hardware Dev Center Dashboard" and "Partner Center".

You don't need to use the portal if you are making a simple INF-only driver, or you are using a kernel module that is part of Windows, or you are using a kernel module that was already signed properly by another party.

Here is the original announcement from 2015 introducing the portal: https://techcommunity.microsoft.com/t5/windows-hardware-certification/driver-signing-changes-in-windows-10/ba-p/364859

There's more info in this long article I wrote: https://www.davidegrayson.com/signing/
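
As an added example (not part of the answer above or of Microsoft's documentation), here is the "sign with an EV certificate, then submit" step in PowerShell, following the attestation-signing page linked above, where the upload to the portal is a CAB file signed with the EV certificate. The driver folder, driver name, certificate subject and timestamp URL are placeholders, and `makecab.exe` and `signtool.exe` (Windows SDK/WDK) are assumed to be on `PATH`.

```powershell
# Added example: build and EV-sign the CAB that is uploaded for attestation signing.
# Every path and name below is a placeholder, not a value from the original page.
$ErrorActionPreference = 'Stop'

$DriverDir    = 'C:\build\MyDriver'                      # hypothetical folder with the .inf and .sys
$DriverName   = 'MyDriver'                               # hypothetical driver name
$CertSubject  = '<subject name of your EV certificate>'  # placeholder
$TimestampUrl = '<RFC 3161 timestamp URL from your CA>'  # placeholder
$WorkDir      = Join-Path $env:TEMP "$DriverName-submission"
$DdfPath      = Join-Path $WorkDir "$DriverName.ddf"

New-Item -ItemType Directory -Force -Path $WorkDir | Out-Null

# Collect the driver package files; stop early if the package is incomplete.
$files = @(Get-ChildItem -Path $DriverDir -File |
    Where-Object { $_.Extension -in '.inf', '.sys' })
if (-not ($files.Extension -contains '.inf') -or -not ($files.Extension -contains '.sys')) {
    throw "Expected at least one .inf and one .sys file in $DriverDir"
}

# MakeCab directive file: the driver package goes in its own subfolder of the CAB,
# not at the CAB root.
$ddf = @(
    '.OPTION EXPLICIT'
    '.Set CabinetFileCountThreshold=0'
    '.Set FolderFileCountThreshold=0'
    '.Set FolderSizeThreshold=0'
    '.Set MaxCabinetSize=0'
    '.Set MaxDiskFileCount=0'
    '.Set MaxDiskSize=0'
    '.Set CompressionType=MSZIP'
    '.Set Cabinet=on'
    '.Set Compress=on'
    ".Set CabinetNameTemplate=$DriverName.cab"
    ".Set DestinationDir=$DriverName"
) + ($files | ForEach-Object { '"{0}"' -f $_.FullName })
Set-Content -Path $DdfPath -Value $ddf -Encoding ASCII

Push-Location $WorkDir
try {
    makecab.exe /f $DdfPath
    if ($LASTEXITCODE -ne 0) { throw 'makecab failed' }
    $cab = Join-Path $WorkDir "disk1\$DriverName.cab"    # makecab's default output folder

    # Sign the CAB with the EV certificate from the current user's MY store, SHA-256 throughout.
    signtool.exe sign /n $CertSubject /fd sha256 /tr $TimestampUrl /td sha256 /v $cab
    if ($LASTEXITCODE -ne 0) { throw 'signtool sign failed' }

    # Confirm the signature chains and timestamps correctly before uploading.
    signtool.exe verify /pa /v $cab
    if ($LASTEXITCODE -ne 0) { throw 'signtool verify failed' }
} finally { Pop-Location }
```

The resulting `.cab` is what gets uploaded to the dashboard; the Microsoft-signed package is downloaded from the portal afterwards.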