by NateyJay 3155 days ago
I think kernel mode drivers have more stringent signing requirements than user mode drivers. A user-installed CA definitely cannot be used to silently install a kernel mode driver.

Yes, I think they also have to be countersigned by Microsoft.
Oh. When you say driver do you mean user-mode? I always assume kernel mode (in every OS). But if so that would make sense!
You need to install a user mode driver to leverage already existing kernel code with your device.

I assume this is what ADB does, using the Microsoft-provided WinUSB kernel mode driver and associating it with your mobile phone's USB vendor and product ID. There's not a single line of code in such a driver, just some INF descriptors.

There might also be different forms of user mode driver, not sure how they work.

> You need to install a user mode driver to leverage already existing kernel code with your device.

You mean a user-mode application? A user-mode driver is something you write instead of a kernel-mode driver (when it's possible), not on top of it. (?)

Windows has User-Mode Driver Framework and Kernel-Mode Driver Framework where UMDF exposes only a part of the kernel API.

KMDF drivers have to be signed with a CA that's not user installed while UMDF drivers may be.

I'm already aware of this and I don't understand how this answers the question in the comment you replied to. Maybe you meant to reply to a different comment?
Yes, a user-mode driver is something you would write instead of a kernel-mode driver, if you can. Kernel-mode code is the most powerful, but also poses the greatest security and stability threat to the computer, so Microsoft locks it down the hardest. If you don't need the extra power, you can write a user-mode driver that uses Microsoft-provided kernel components (like Winusb.sys) and you don't have to go through the same security procedures.