@mattifestation
Last active June 5, 2017 11:17
Generated, relatively locked down code integrity policy.
<?xml version="1.0" encoding="utf-8"?>
<!--
  Windows code integrity policy (urn:schemas-microsoft-com:sipolicy vocabulary).
  The repetitive ID scheme suggests tool-generated output; treat IDs as opaque.
  Layout: global rule options, file attribute rules, signer definitions, then the
  per-scenario allow/deny lists, policy-update signers and user-mode CI signers,
  all of which reference the signers by ID.
  Lines marked NOTE(review) are reviewer observations to confirm before deployment.
-->
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.0.0</VersionEx>
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<!--
  Global rule options. No "Enabled:Audit Mode" entry is present, so the policy
  enforces (blocks) rather than only logging violations.
-->
<Rules>
<!-- Store (packaged) applications are subject to the policy as well. -->
<Rule>
<Option>Required:Enforce Store Applications</Option>
</Rule>
<!-- User-mode code integrity: the user-mode signing scenario below is enforced, not only the kernel one. -->
<Rule>
<Option>Enabled:UMCI</Option>
</Rule>
<!-- Flight-signed (preview/insider) binaries are not trusted. -->
<Rule>
<Option>Disabled:Flight Signing</Option>
</Rule>
<!-- Kernel drivers must carry a WHQL signature; this narrows the root-only kernel-mode CA entries below. -->
<Rule>
<Option>Required:WHQL</Option>
</Rule>
<!--
  NOTE(review): the policy itself is unsigned. While this option is set, the
  UpdatePolicySigners entry near the end is not binding, and anyone able to write
  the policy file (an administrator) can replace or remove it. Signing the policy
  with the update signer and dropping this option is what makes it tamper-resistant.
-->
<Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<!--
  NOTE(review): re-enables the F8 pre-boot options menu, which code integrity
  policies leave off by default; confirm a physically present user should have it
  on a locked-down build.
-->
<Rule>
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
</Rules>
<!--EKUS-->
<!-- No EKU restrictions: signer matching is by certificate chain (and publisher, where given) only. -->
<EKUs />
<!--File Rules-->
<!--
  File attribute rules, referenced only from the F_* signers that appear under
  DeniedSigners. MinimumFileVersion="99.0.0.0" is the customary way to match
  every shipped version of the named file (no real build reaches 99.x), i.e. a
  deny-all-versions rule. The set looks like a subset of Microsoft's published
  recommended block rules for this policy type; compare against the current list.
-->
<FileRules>
<FileAttrib ID="ID_FILEATTRIB_F_1_0_0_1_0_0" FriendlyName="cdb.exe" FileName="CDB.Exe" MinimumFileVersion="99.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_F_2_0_0_1_0_0" FriendlyName="kd.exe" FileName="kd.exe" MinimumFileVersion="99.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_F_3_0_0_1_0_0" FriendlyName="windbg.exe" FileName="windbg.exe" MinimumFileVersion="99.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_F_4_0_0_1_0_0" FriendlyName="MSBuild.exe" FileName="MSBuild.exe" MinimumFileVersion="99.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_F_5_0_0_1_0_0" FriendlyName="csi.exe" FileName="csi.exe" MinimumFileVersion="99.0.0.0" />
</FileRules>
<!--Signers-->
<!--
  Signer definitions. CertRoot Type="TBS" carries the hash of the to-be-signed
  portion of a certificate in the chain. An entry with CertRoot only trusts any
  leaf chaining to that certificate; adding CertPublisher pins the leaf subject
  as well. The same certificate is repeated under several IDs, once per scenario
  or role (e.g. Microsoft Windows Production PCA 2011 appears as S_1_0_*, S_1_1_*
  and F_4_*). Observed usage: S_* IDs are referenced as AllowedSigners, F_* IDs
  as DeniedSigners.
-->
<Signers>
<!-- Kernel-mode allow signers (referenced from ID_SIGNINGSCENARIO_DRIVERS_1); all root-only, tempered by Required:WHQL. -->
<Signer ID="ID_SIGNER_S_1_0_0_0_0_0_0_0" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
</Signer>
<Signer ID="ID_SIGNER_S_AE_0_0_0_0_0_0_0" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
</Signer>
<Signer ID="ID_SIGNER_S_AF_0_0_0_0_0_0_0" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
</Signer>
<Signer ID="ID_SIGNER_S_17C_0_0_0_0_0_0_0" Name="COMODO RSA Certification Authority">
<CertRoot Type="TBS" Value="7CE102D63C57CB48F80A65D1A5E9B350A7A618482AA5A36775323CA933DDFCB00DEF83796A6340DEC5EBF7596CFD8E5D" />
</Signer>
<Signer ID="ID_SIGNER_S_18D_0_0_0_0_0_0_0" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
</Signer>
<Signer ID="ID_SIGNER_S_2E0_0_0_0_0_0_0_0" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
</Signer>
<Signer ID="ID_SIGNER_S_34C_0_0_0_0_0_0_0" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="27543A3F7612DE2261C7228321722402F63A07DE" />
</Signer>
<Signer ID="ID_SIGNER_S_34F_0_0_0_0_0_0_0" Name="Microsoft Code Signing PCA 2011">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E" />
</Signer>
<Signer ID="ID_SIGNER_S_37B_0_0_0_0_0_0_0" Name="Microsoft Root Certificate Authority">
<CertRoot Type="TBS" Value="391BE92883D52509155BFEAE27B9BD340170B76B" />
</Signer>
<Signer ID="ID_SIGNER_S_485_0_0_0_0_0_0_0" Name="Microsoft Windows Verification PCA">
<CertRoot Type="TBS" Value="265E5C02BDC19AA5394C2C3041FC2BD59774F918" />
</Signer>
<!-- User-mode allow signers (referenced from ID_SIGNINGSCENARIO_WINDOWS). -->
<Signer ID="ID_SIGNER_S_1_1_0_0_0_0_0_0" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
</Signer>
<!--
  NOTE(review): the five Microsoft entries that follow (S_35C, S_35F, S_1EA5,
  S_2316, S_3D8C) carry no CertPublisher, so anything chaining to those CAs runs
  in user mode; the DeniedSigners list is what carves exceptions out of that trust.
-->
<Signer ID="ID_SIGNER_S_35C_1_0_0_0_0_0_0" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="27543A3F7612DE2261C7228321722402F63A07DE" />
</Signer>
<Signer ID="ID_SIGNER_S_35F_1_0_0_0_0_0_0" Name="Microsoft Code Signing PCA 2011">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E" />
</Signer>
<Signer ID="ID_SIGNER_S_1EA5_1_0_0_0_0_0_0" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
</Signer>
<Signer ID="ID_SIGNER_S_2316_1_0_0_0_0_0_0" Name="Microsoft Windows Verification PCA">
<CertRoot Type="TBS" Value="265E5C02BDC19AA5394C2C3041FC2BD59774F918" />
</Signer>
<!-- Same Name as S_34C/S_35C but a different TBS hash: a distinct certificate generation, not a duplicate. -->
<Signer ID="ID_SIGNER_S_3D8C_1_0_0_0_0_0_0" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="7251ADC0F732CF409EE462E335BB99544F2DD40F" />
</Signer>
<!--
  NOTE(review): a personal certificate is an allowed user-mode signer here and,
  under ID_SIGNER_S_5_1_0_0_0 (same TBS), the only policy update signer. Anything
  signed with that key runs, and the key can re-sign the policy; protect it
  (hardware token, offline use) accordingly.
-->
<Signer ID="ID_SIGNER_S_4_1_0_0_0" Name="Matthew Graeber">
<CertRoot Type="TBS" Value="B1554C5EEF15063880BB76B347F2215CDB5BBEFA1A0EBD8D8F216B6B93E8906A" />
</Signer>
<!-- Publisher-pinned entries: the CA is trusted only for the named leaf subject. -->
<Signer ID="ID_SIGNER_S_1_1_0" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
<CertPublisher Value="Intel(R) Intel_ICG" />
</Signer>
<Signer ID="ID_SIGNER_S_2_1_0" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
</Signer>
<Signer ID="ID_SIGNER_S_19_1_0" Name="Intel External Basic Policy CA">
<CertRoot Type="TBS" Value="53B052BA209C525233293274854B264BC0F68B73" />
<CertPublisher Value="Intel(R) pGFX" />
</Signer>
<Signer ID="ID_SIGNER_S_20_1_0" Name="iKGF_AZSKGFDCS">
<CertRoot Type="TBS" Value="32656594870EFFE75251652A99B906EDB92D6BB0" />
<CertPublisher Value="IntelVPGSigning2016" />
</Signer>
<!--
  NOTE(review): root-only entry for the same CA as ID_SIGNER_S_2_1_0. If a
  root-only rule matches any leaf under the CA, S_2_1_0's publisher pin is
  subsumed and the effective user-mode trust is the whole Third Party Component
  CA; drop this entry if that breadth is not intended.
-->
<Signer ID="ID_SIGNER_S_4E_1_0" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
</Signer>
<Signer ID="ID_SIGNER_S_65_1_0" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="Logitech" />
</Signer>
<!-- Policy update signer (referenced from UpdatePolicySigners); same certificate as ID_SIGNER_S_4_1_0_0_0. -->
<Signer ID="ID_SIGNER_S_5_1_0_0_0" Name="Matthew Graeber">
<CertRoot Type="TBS" Value="B1554C5EEF15063880BB76B347F2215CDB5BBEFA1A0EBD8D8F216B6B93E8906A" />
</Signer>
<!--
  Deny signers: each pairs a Microsoft chain with the file attribute rules above,
  so the named files are blocked only when signed under that specific chain.
  NOTE(review): coverage is therefore per chain. MSBuild.exe is not referenced
  under the PCA 2010 chain (F_2) and csi.exe only under PCA 2011 (F_3), while the
  user-mode allow list trusts all of these chains root-only. Confirm the shipped
  builds are signed under a chain that carries the deny, or add the missing
  FileAttribRef entries so every allowed chain denies every listed file.
-->
<Signer ID="ID_SIGNER_F_1_0_0_1_0_0" Name="Microsoft Code Signing PCA">
<CertRoot Type="TBS" Value="27543A3F7612DE2261C7228321722402F63A07DE" />
<CertPublisher Value="Microsoft Corporation" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_1_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_2_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_3_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_4_0_0_1_0_0" />
</Signer>
<Signer ID="ID_SIGNER_F_2_0_0_1_0_0" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
<CertPublisher Value="Microsoft Corporation" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_1_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_2_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_3_0_0_1_0_0" />
</Signer>
<Signer ID="ID_SIGNER_F_3_0_0_1_0_0" Name="Microsoft Code Signing PCA 2011">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E" />
<CertPublisher Value="Microsoft Corporation" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_4_0_0_1_0_0" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_5_0_0_1_0_0" />
</Signer>
<Signer ID="ID_SIGNER_F_4_0_0_1_0_0" Name="Microsoft Windows Production PCA 2011">
<CertRoot Type="TBS" Value="4E80BE107C860DE896384B3EFF50504DC2D76AC7151DF3102A4450637A032146" />
<CertPublisher Value="Microsoft Windows" />
<FileAttribRef RuleID="ID_FILEATTRIB_F_4_0_0_1_0_0" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<!--
  Per-scenario allow/deny lists. Value="131" is the kernel-mode scenario and
  Value="12" the user-mode scenario (per the FriendlyNames). In this policy
  format deny rules take precedence over allow rules, which is how the F_*
  entries block specific files that the root-only allow entries would otherwise admit.
-->
<SigningScenarios>
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Kernel-mode rules">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_1_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_AE_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_AF_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_17C_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_18D_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_2E0_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_34C_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_34F_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_37B_0_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_485_0_0_0_0_0_0_0" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
<!-- No DeniedSigners in the kernel scenario; kernel restrictions rely on Required:WHQL plus the CA list above. -->
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="User-mode rules">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_1_1_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_1_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_2_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_4_1_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_19_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_20_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_4E_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_65_1_0" />
<AllowedSigner SignerId="ID_SIGNER_S_35C_1_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_35F_1_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_1EA5_1_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_2316_1_0_0_0_0_0_0" />
<AllowedSigner SignerId="ID_SIGNER_S_3D8C_1_0_0_0_0_0_0" />
</AllowedSigners>
<!-- File-specific denies for the Microsoft-signed debugger and build hosts defined under FileRules. -->
<DeniedSigners>
<DeniedSigner SignerId="ID_SIGNER_F_1_0_0_1_0_0" />
<DeniedSigner SignerId="ID_SIGNER_F_2_0_0_1_0_0" />
<DeniedSigner SignerId="ID_SIGNER_F_3_0_0_1_0_0" />
<DeniedSigner SignerId="ID_SIGNER_F_4_0_0_1_0_0" />
</DeniedSigners>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<!--
  Certificate that may sign future versions of this policy. Only meaningful once
  the policy is itself signed and "Enabled:Unsigned System Integrity Policy" is removed.
-->
<UpdatePolicySigners>
<UpdatePolicySigner SignerId="ID_SIGNER_S_5_1_0_0_0" />
</UpdatePolicySigners>
<!--
  User-mode CI signer set; mirrors the user-mode allow and deny signers above
  (presumably tool-emitted). Keep it in sync with the user-mode scenario when editing.
-->
<CiSigners>
<CiSigner SignerId="ID_SIGNER_F_1_0_0_1_0_0" />
<CiSigner SignerId="ID_SIGNER_F_2_0_0_1_0_0" />
<CiSigner SignerId="ID_SIGNER_F_3_0_0_1_0_0" />
<CiSigner SignerId="ID_SIGNER_F_4_0_0_1_0_0" />
<CiSigner SignerId="ID_SIGNER_S_1_1_0" />
<CiSigner SignerId="ID_SIGNER_S_1_1_0_0_0_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_2_1_0" />
<CiSigner SignerId="ID_SIGNER_S_4_1_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_19_1_0" />
<CiSigner SignerId="ID_SIGNER_S_20_1_0" />
<CiSigner SignerId="ID_SIGNER_S_4E_1_0" />
<CiSigner SignerId="ID_SIGNER_S_65_1_0" />
<CiSigner SignerId="ID_SIGNER_S_35C_1_0_0_0_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_35F_1_0_0_0_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_1EA5_1_0_0_0_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_2316_1_0_0_0_0_0_0" />
<CiSigner SignerId="ID_SIGNER_S_3D8C_1_0_0_0_0_0_0" />
</CiSigners>
<!-- Hypervisor-protected code integrity; 1 presumably selects the enabled (non-strict) mode. NOTE(review): confirm against the platform documentation. -->
<HvciOptions>1</HvciOptions>
</SiPolicy>