There is nothing stopping you from using third party certificates to sign Windows binaries. It's just expensive. You don't even need a MS toolchain or CLI tool for it.
There is nothing stopping you from using third party certificates to sign Windows binaries. It's just expensive. You don't even need a MS toolchain or CLI tool for it.
> “Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader,” Idrassi said. “A new Microsoft CA must be used for bootloaders to continue working.”
> Without access to the Microsoft account used for sending software updates, “I will not be able to apply the required new signature to VeraCrypt, making it impossible to boot.”
> It's just expensive
So yes there is.