Table 4 below describes the standard Scenarios and their associated Security Required, Signing Level, and minimum Hash Algorithm requirements.
As expected, with Microsoft recommending the usage of SHA256 signatures recently, this type of signature is enforced on all their internal scenarios, with SHA1 only being allowed on driver and DRM protected images, Windows Store applications, and other generic Microsoft-signed binaries (presumably for legacy support).
Signing Levels in Windows 8 Before Windows 8.1 introduced the protection level (which we described in Part 1 and Part 2), Windows 8 instituted the .
This undocumented number was a way for the system to differentiate the different types of Windows binaries, something that became a requirement for Windows RT as part of its requirement to prohibit the execution of Windows “desktop” applications.
The scenario table described in Table 4 is what normally ships with Code Integrity on x86 and x64 systems.