At present, the default certificate signing algorithm is sha-256, and the applied certificate can be double signed by tools. The abstract algorithms for signing applications or drivers are sha 1 and sha256, but the signed certificate itself is sha-256, which can pass, so the driver files will be incompatible in the old operating system. At present, the kernel driver signature in the old operating system does not support single certificate and double signature, but common applications support single certificate and double signature.

For the kernel-driven signature, if you want to achieve double signature, for example, running on Windows 7 and Windows 10 at the same time, Windows 10 needs sha-256 signature algorithm to create the signature, while the kernel-driven signature of Windows 7 needs sha- 1 to achieve it. That is to say, for the kernel-driven signature, it is necessary to purchase the EV code signature certificate and the standard signature certificate at the same time in order to realize the dual signature of the kernel-driven. For ordinary applications, certificates can be used for double signature to achieve compatibility.