@mattifestation
Created September 1, 2016 23:10
PcaCertificate-level code integrity policy generated on Surface Pro 4 with a fresh install of Win 10 Enterprise Anniversary Update with Chrome installed
<?xml version="1.0" encoding="utf-8"?>
<!-- Windows code integrity policy (SiPolicy schema). Per the gist description it was generated
     at the PcaCertificate level from a scan of a reference machine, so it allows whatever
     signing CAs were present on that machine. Treat it as a sample to review, not as a
     baseline to deploy unchanged. -->
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<!-- Policy version number. NOTE(review): presumably compared when a policy is updated; confirm. -->
<VersionEx>10.0.0.0</VersionEx>
<!-- NOTE(review): these two GUIDs look like the defaults written by the policy generation
     tooling rather than values chosen for this device; confirm before relying on them. -->
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<!-- Policy rule options. As written, this policy observes and logs; it does not block.
     Three of the options below (unsigned policy, audit mode, boot options menu) are
     convenient while building a policy and should be revisited before enforcement. -->
<Rules>
<Rule>
<!-- The policy is accepted without a signature, so a local administrator can replace or
     remove it. A signed policy is the tamper-resistant form. -->
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<!-- Audit mode: binaries that fall outside the policy are logged, not blocked. Remove this
     option only after the audit events have been reviewed. -->
<Option>Enabled:Audit Mode</Option>
</Rule>
<Rule>
<!-- Leaves the pre-boot advanced options (F8) menu available to a physically present user. -->
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
<Rule>
<!-- Applies the policy to Store (Universal Windows) applications as well. -->
<Option>Required:Enforce Store Applications</Option>
</Rule>
<Rule>
<!-- User-mode code integrity: the policy covers user-mode binaries, not only kernel-mode drivers. -->
<Option>Enabled:UMCI</Option>
</Rule>
</Rules>
<!--EKUS-->
<!-- Empty: no signer in this policy is narrowed by an EKU. -->
<EKUs />
<!--File Rules-->
<!-- Empty: there are no per-file allow or deny rules (hash, file name, version), so the policy
     consists only of signer allow rules and denies nothing explicitly. -->
<FileRules />
<!--Signers-->
<!-- Each Signer pins one certificate by the hash in CertRoot (Type="TBS"); the Name attribute
     is a label taken from the certificate. None of these signers carries a CertPublisher,
     CertEKU or FileAttribRef restriction, so each one allows anything signed by a certificate
     issued under that CA. For the commercial CAs listed here (COMODO, DigiCert, Symantec,
     Thawte, VeriSign) that is a very large population of publishers.

     The CertRoot values are 32, 40, 64 or 96 hex characters long. NOTE(review): presumably the
     length follows the hash algorithm of each certificate's own signature; confirm.

     Many CertRoot values appear twice under different IDs: one ID is referenced from the
     Value="131" signing scenario and the other from the Value="12" scenario. -->
<Signers>
<Signer ID="ID_SIGNER_S_1" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="27543A3F7612DE2261C7228321722402F63A07DE" />
</Signer>
<Signer ID="ID_SIGNER_S_2" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
</Signer>
<Signer ID="ID_SIGNER_S_4" Name="Microsoft Code Signing PCA 2011">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E" />
</Signer>
<Signer ID="ID_SIGNER_S_7" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="27543A3F7612DE2261C7228321722402F63A07DE" />
</Signer>
<Signer ID="ID_SIGNER_S_8" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
</Signer>
<Signer ID="ID_SIGNER_S_A" Name="Microsoft Code Signing PCA 2011">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E" />
</Signer>
<Signer ID="ID_SIGNER_S_24" Name="Microsoft Root Certificate Authority">
<CertRoot Type="TBS" Value="391BE92883D52509155BFEAE27B9BD340170B76B" />
</Signer>
<Signer ID="ID_SIGNER_S_29" Name="Microsoft Root Certificate Authority">
<CertRoot Type="TBS" Value="391BE92883D52509155BFEAE27B9BD340170B76B" />
</Signer>
<Signer ID="ID_SIGNER_S_76" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
</Signer>
<Signer ID="ID_SIGNER_S_7C" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
</Signer>
<Signer ID="ID_SIGNER_S_A6" Name="COMODO RSA Certification Authority">
<CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
</Signer>
<Signer ID="ID_SIGNER_S_AB" Name="COMODO RSA Certification Authority">
<CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
</Signer>
<Signer ID="ID_SIGNER_S_183" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
</Signer>
<Signer ID="ID_SIGNER_S_1A2" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
</Signer>
<Signer ID="ID_SIGNER_S_2A2" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
</Signer>
<Signer ID="ID_SIGNER_S_2AB" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
</Signer>
<Signer ID="ID_SIGNER_S_E32" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="5095BF071B0D9976E40AE08412F4E1D241AFB58C" />
</Signer>
<Signer ID="ID_SIGNER_S_332B" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="7251ADC0F732CF409EE462E335BB99544F2DD40F" />
</Signer>
<Signer ID="ID_SIGNER_S_3AB0" Name="Microsoft Windows Phone Production PCA 2012">
<CertRoot Type="TBS" Value="A26156E95BF1EE57E8A410470C08525CDA7862DECBAA2629CACD57DAA5D6D6AD" />
</Signer>
<Signer ID="ID_SIGNER_S_5D72" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="7251ADC0F732CF409EE462E335BB99544F2DD40F" />
</Signer>
<Signer ID="ID_SIGNER_S_6033" Name="Microsoft Root Authority">
<CertRoot Type="TBS" Value="8B3C3087B7056F5EC5DDBA91A1B901F0" />
</Signer>
<Signer ID="ID_SIGNER_S_B186" Name="Microsoft Windows Third Party Component CA 2013">
<CertRoot Type="TBS" Value="C55EE44C6DE86FA9AC3FC90F84EF0D4A6CAD5AAC6A112047C88B997E7547AED1" />
</Signer>
<Signer ID="ID_SIGNER_S_12A12" Name="Microsoft Windows Verification PCA">
<CertRoot Type="TBS" Value="265E5C02BDC19AA5394C2C3041FC2BD59774F918" />
</Signer>
<Signer ID="ID_SIGNER_S_12A16" Name="Microsoft Windows Verification PCA">
<CertRoot Type="TBS" Value="265E5C02BDC19AA5394C2C3041FC2BD59774F918" />
</Signer>
<Signer ID="ID_SIGNER_S_16BDB" Name="Microsoft MarketPlace PCA 2011">
<CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
</Signer>
<!-- NOTE(review): the name below does not identify a well-known issuer; establish which
     binaries on the reference machine chain to it before keeping the rule. -->
<Signer ID="ID_SIGNER_S_21852" Name="iKGF_AZSKGFDCS">
<CertRoot Type="TBS" Value="32656594870EFFE75251652A99B906EDB92D6BB0" />
</Signer>
<Signer ID="ID_SIGNER_S_2AB9F" Name="DigiCert SHA2 Assured ID Code Signing CA">
<CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
</Signer>
<Signer ID="ID_SIGNER_S_2B7CE" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
</Signer>
<Signer ID="ID_SIGNER_S_2C501" Name="DigiCert High Assurance EV Root CA">
<CertRoot Type="TBS" Value="E35EF08D884F0A0ADE2F75E96301CE6230F213A8" />
</Signer>
<Signer ID="ID_SIGNER_S_2CD56" Name="Microsoft Windows Verification PCA">
<CertRoot Type="TBS" Value="B1A2D28695B6B41B0A496AFB1EE9E5ED3247C4A9" />
</Signer>
<Signer ID="ID_SIGNER_S_2CD5C" Name="Microsoft Windows Hardware Compatibility PCA">
<CertRoot Type="TBS" Value="6B3242A9A639B0DA4D5882C7EEB402BE6615AD0C" />
</Signer>
<Signer ID="ID_SIGNER_S_36776" Name="Microsoft Windows Hardware Compatibility PCA">
<CertRoot Type="TBS" Value="2E6E2DB4BC559A1E8797A8D7ADBA9B3EF006F479" />
</Signer>
<Signer ID="ID_SIGNER_S_36777" Name="Microsoft Windows Hardware Compatibility PCA">
<CertRoot Type="TBS" Value="6B3242A9A639B0DA4D5882C7EEB402BE6615AD0C" />
</Signer>
<Signer ID="ID_SIGNER_S_36778" Name="Microsoft Windows Hardware Compatibility PCA">
<CertRoot Type="TBS" Value="2E6E2DB4BC559A1E8797A8D7ADBA9B3EF006F479" />
</Signer>
<!-- NOTE(review): the names of the next four signers (WDKTestCert, OEMTest OS Root CA) read
     like test or pre-production signing certificates picked up by the scan. Confirm what
     they sign and drop them if production code does not need them. -->
<Signer ID="ID_SIGNER_S_3677A" Name="WDKTestCert wdclab,130885612892544312">
<CertRoot Type="TBS" Value="1D3AE926D6A9E62B2965AFFFC0694B1EA3C01B57" />
</Signer>
<Signer ID="ID_SIGNER_S_3677D" Name="WDKTestCert wdclab,130885612892544312">
<CertRoot Type="TBS" Value="1D3AE926D6A9E62B2965AFFFC0694B1EA3C01B57" />
</Signer>
<Signer ID="ID_SIGNER_S_368CB" Name="OEMTest OS Root CA">
<CertRoot Type="TBS" Value="CA78F4E1F2D6A4B691BBB61734A5B7DAE801B9011CF8CCA1EF0C76A6F35E9D16" />
</Signer>
<Signer ID="ID_SIGNER_S_368CF" Name="OEMTest OS Root CA">
<CertRoot Type="TBS" Value="CA78F4E1F2D6A4B691BBB61734A5B7DAE801B9011CF8CCA1EF0C76A6F35E9D16" />
</Signer>
<Signer ID="ID_SIGNER_S_370ED" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
</Signer>
<Signer ID="ID_SIGNER_S_3758F" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="F56832BC9412C372F9A8744591258F8BB11AF2D8" />
</Signer>
<Signer ID="ID_SIGNER_S_3E994" Name="Symantec Class 3 SHA256 Code Signing CA">
<CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
</Signer>
<Signer ID="ID_SIGNER_S_3E995" Name="Microsoft MarketPlace PCA 2011">
<CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378" />
</Signer>
<!-- NOTE(review): "MSIT Test CodeSign CA 6" also reads like a test signing CA; same review
     as for the WDKTestCert and OEMTest entries. -->
<Signer ID="ID_SIGNER_S_3F0CD" Name="MSIT Test CodeSign CA 6">
<CertRoot Type="TBS" Value="3B17ECC070B26C8ACEEB96333190426F690516B52091444B6D0AADC5999FA330" />
</Signer>
<Signer ID="ID_SIGNER_S_3F0D2" Name="MSIT Test CodeSign CA 6">
<CertRoot Type="TBS" Value="3B17ECC070B26C8ACEEB96333190426F690516B52091444B6D0AADC5999FA330" />
</Signer>
<Signer ID="ID_SIGNER_S_407AB" Name="Thawte Code Signing CA - G2">
<CertRoot Type="TBS" Value="95795D2AA2A554A423BC8C6E5B0A016D14887D35" />
</Signer>
<Signer ID="ID_SIGNER_S_4081D" Name="Microsoft Windows Phone Production PCA 2012">
<CertRoot Type="TBS" Value="A26156E95BF1EE57E8A410470C08525CDA7862DECBAA2629CACD57DAA5D6D6AD" />
</Signer>
<Signer ID="ID_SIGNER_S_4327D" Name="Symantec Class 3 Extended Validation Code Signing CA - G2">
<CertRoot Type="TBS" Value="B3C925B4048C3F7C444D248A2B101186B57CBA39596EB5DCE0E17A4EE4B32F19" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<!-- Two scenarios follow: Value="131" is the kernel-mode (driver) scenario and Value="12" is
     the user-mode scenario. Both contain only AllowedSigners; there are no DeniedSigners and
     no FileRulesRef entries, so the effective rule is "allow anything signed under one of
     these CAs". -->
<SigningScenarios>
<!-- Kernel mode. NOTE(review): this allow list includes ID_SIGNER_S_3677A, ID_SIGNER_S_368CB
     and ID_SIGNER_S_3F0CD, whose signer names read like test certificates. Decide whether
     test-signed drivers should be allowed by policy at all before enforcing. -->
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 08-08-2016">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_1" />
<AllowedSigner SignerId="ID_SIGNER_S_2" />
<AllowedSigner SignerId="ID_SIGNER_S_4" />
<AllowedSigner SignerId="ID_SIGNER_S_24" />
<AllowedSigner SignerId="ID_SIGNER_S_76" />
<AllowedSigner SignerId="ID_SIGNER_S_A6" />
<AllowedSigner SignerId="ID_SIGNER_S_1A2" />
<AllowedSigner SignerId="ID_SIGNER_S_2A2" />
<AllowedSigner SignerId="ID_SIGNER_S_5D72" />
<AllowedSigner SignerId="ID_SIGNER_S_12A12" />
<AllowedSigner SignerId="ID_SIGNER_S_36776" />
<AllowedSigner SignerId="ID_SIGNER_S_36777" />
<AllowedSigner SignerId="ID_SIGNER_S_3677A" />
<AllowedSigner SignerId="ID_SIGNER_S_368CB" />
<AllowedSigner SignerId="ID_SIGNER_S_370ED" />
<AllowedSigner SignerId="ID_SIGNER_S_3E995" />
<AllowedSigner SignerId="ID_SIGNER_S_3F0CD" />
<AllowedSigner SignerId="ID_SIGNER_S_4081D" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
<!-- User mode. The same signer IDs are repeated in the CiSigners element of this file. The
     list includes several commercial code-signing CAs, so any publisher holding a
     certificate from one of them is allowed. -->
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 08-08-2016">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_7" />
<AllowedSigner SignerId="ID_SIGNER_S_8" />
<AllowedSigner SignerId="ID_SIGNER_S_A" />
<AllowedSigner SignerId="ID_SIGNER_S_29" />
<AllowedSigner SignerId="ID_SIGNER_S_7C" />
<AllowedSigner SignerId="ID_SIGNER_S_AB" />
<AllowedSigner SignerId="ID_SIGNER_S_183" />
<AllowedSigner SignerId="ID_SIGNER_S_2AB" />
<AllowedSigner SignerId="ID_SIGNER_S_E32" />
<AllowedSigner SignerId="ID_SIGNER_S_332B" />
<AllowedSigner SignerId="ID_SIGNER_S_3AB0" />
<AllowedSigner SignerId="ID_SIGNER_S_6033" />
<AllowedSigner SignerId="ID_SIGNER_S_B186" />
<AllowedSigner SignerId="ID_SIGNER_S_12A16" />
<AllowedSigner SignerId="ID_SIGNER_S_16BDB" />
<AllowedSigner SignerId="ID_SIGNER_S_21852" />
<AllowedSigner SignerId="ID_SIGNER_S_2AB9F" />
<AllowedSigner SignerId="ID_SIGNER_S_2B7CE" />
<AllowedSigner SignerId="ID_SIGNER_S_2C501" />
<AllowedSigner SignerId="ID_SIGNER_S_2CD56" />
<AllowedSigner SignerId="ID_SIGNER_S_2CD5C" />
<AllowedSigner SignerId="ID_SIGNER_S_36778" />
<AllowedSigner SignerId="ID_SIGNER_S_3677D" />
<AllowedSigner SignerId="ID_SIGNER_S_368CF" />
<AllowedSigner SignerId="ID_SIGNER_S_3758F" />
<AllowedSigner SignerId="ID_SIGNER_S_3E994" />
<AllowedSigner SignerId="ID_SIGNER_S_3F0D2" />
<AllowedSigner SignerId="ID_SIGNER_S_407AB" />
<AllowedSigner SignerId="ID_SIGNER_S_4327D" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<!-- Empty: no certificate is designated to authorise policy updates. This matches the
     "Enabled:Unsigned System Integrity Policy" option in Rules; a signed policy would need
     at least one entry here. -->
<UpdatePolicySigners />
<!-- Signers that apply to user-mode code integrity. The IDs listed are exactly the
     AllowedSigner IDs of the Value="12" signing scenario. -->
<CiSigners>
<CiSigner SignerId="ID_SIGNER_S_7" />
<CiSigner SignerId="ID_SIGNER_S_8" />
<CiSigner SignerId="ID_SIGNER_S_A" />
<CiSigner SignerId="ID_SIGNER_S_29" />
<CiSigner SignerId="ID_SIGNER_S_7C" />
<CiSigner SignerId="ID_SIGNER_S_AB" />
<CiSigner SignerId="ID_SIGNER_S_183" />
<CiSigner SignerId="ID_SIGNER_S_2AB" />
<CiSigner SignerId="ID_SIGNER_S_E32" />
<CiSigner SignerId="ID_SIGNER_S_332B" />
<CiSigner SignerId="ID_SIGNER_S_3AB0" />
<CiSigner SignerId="ID_SIGNER_S_6033" />
<CiSigner SignerId="ID_SIGNER_S_B186" />
<CiSigner SignerId="ID_SIGNER_S_12A16" />
<CiSigner SignerId="ID_SIGNER_S_16BDB" />
<CiSigner SignerId="ID_SIGNER_S_21852" />
<CiSigner SignerId="ID_SIGNER_S_2AB9F" />
<CiSigner SignerId="ID_SIGNER_S_2B7CE" />
<CiSigner SignerId="ID_SIGNER_S_2C501" />
<CiSigner SignerId="ID_SIGNER_S_2CD56" />
<CiSigner SignerId="ID_SIGNER_S_2CD5C" />
<CiSigner SignerId="ID_SIGNER_S_36778" />
<CiSigner SignerId="ID_SIGNER_S_3677D" />
<CiSigner SignerId="ID_SIGNER_S_368CF" />
<CiSigner SignerId="ID_SIGNER_S_3758F" />
<CiSigner SignerId="ID_SIGNER_S_3E994" />
<CiSigner SignerId="ID_SIGNER_S_3F0D2" />
<CiSigner SignerId="ID_SIGNER_S_407AB" />
<CiSigner SignerId="ID_SIGNER_S_4327D" />
</CiSigners>
<!-- NOTE(review): 0 presumably means no hypervisor-protected code integrity (HVCI) options
     are requested by this policy; confirm against the schema for the target Windows build. -->
<HvciOptions>0</HvciOptions>
</SiPolicy>