Overview of Signing and Install Process
https://msdn.microsoft.com/en-us/library/aa906274.aspx
Kernel-Mode Code Signing Requirements for Public Release of a Driver
Windows Vista 64-bit Versions
The kernel-mode code signing policy requires that a kernel-mode driver be signed as follows:
? A kernel-mode boot-start driver must have an embedded Software Publisher Certificate (SPC) signature. This applies to any type of PnP or non-PnP kernel-mode boot-start driver.
? A non-PnP kernel-mode driver that is not a boot-start driver must have either a catalog file with an SPC signature or the driver file must include an embedded SPC signature.
? A PnP kernel-mode driver that is not a boot-start driver must have either an embedded SPC signature, a catalog file with a WHQL release signature, or a catalog file with an SPC signature. Although the kernel-mode code signing policy does not require that the catalog file of a PnP driver be signed, PnP device installation treats a driver as signed only if the catalog file of the driver is also signed.