Certificate!
Can someone explain why any camera connected to your computer would need a security certificate, let alone one that is original internal hardware?
Users of Microsoft's Surface Pro X have found their Windows fondleslab cameras no longer function, apparently due to an expired security certificate. Numerous reports of camera failures started to appear Tuesday in online forums such as Reddit and the Microsoft Community. The issue affected both front and back cameras on the …
Signed drivers + driver signature enforcement. The digital certificate expired, ergo the driver won't load.
The fundamental question that you posed still exists though. Microsoft have implemented this system for security purposes (anti-tampering) ... but how much further can the pendulum swing before it becomes too much of an encroachment on our private property?
You are right the question still exists, the answer to why a camera needs a certificate is not because Microsoft said so.
I have had some experience of digital certificates; I implemented the signing process for the applications I work on. In the software we develop, every single binary (DLLs, EXEs, etc.) is signed with our digital certificate and has a checksum, because our customers require it. But our software will still run and install* even if the certificate is out of date, because our customers believe, and rightly so, that they should be in charge of their upgrade cycle, not us.
So what is the point of signing? To validate that the software is genuine they audit all the files before they install.
Therefore let me rephrase my question: why does a camera driver need a certificate that will expire, rendering the driver inoperable? Basically built in obsolescence.
Sure it stops someone replacing that driver, but if they are able to do that then they are able to download different files to compromise your system.
* The checksum of files is used for validation during install.
The idea behind enforced driver signatures isn't just securing the drivers themselves (preventing malicious code from running at kernel level), but also an integral part of ensuring a completely secure and audited boot chain, from hardware to OS.
No idea why they chose a close expiration date though. They could have let it expire in 10 years' time or something.
If you're going to have an attack either way, it would be great if the attack vector ran with the least possible privileges ;-)
But two things can be true at once. Contrary to the idea that Microsoft and Big Tech generally push all the time, you can absolutely have both security and consumer rights. You can have a trusted, locked-down system, but you should have the ultimate say on how and if that gets enforced. Enough of Big Tech assuming a mommy role for its users.
> Basically built in obsolescence
BINGO!
Not forgetting HaaS: Hardware As A Service - only they weren't even competent at controlling that and the trigger got pulled before they could send out the threatening^^^^^^^^^^^ subscription reminder[1] emails.
[1] What subscription, you ask? You didn't read the entire EULA, did you!
So HTF can a driver certificate expire then?
The important date for a driver certificate is when it was signed. It should never, ever expire!
It should be revoked if it has been discovered that something in the trust chain may have been exposed at some point before it was signed, but never actually expire.
We ship signed drivers, and the certificates we used ten years ago have expired. The hardware still works if you install the decade-old version.
So what is going on?
Who tells you they haven't? The generic HID drivers are also signed.
But if you mean chipping the particular components with digital signatures ... hey, Apple already does exactly that with its fingerprint/face scanner/screen/camera/battery/back panel replacements, and it's ~~a lot of revenue~~ a good thing for their users' security!
Seriously though, it's about time that the false dichotomy of security vs. ownership rights dies out. You can have serialized components done in a way that respects the customer (say a fingerprint sensor - if that dies and replacement is needed, have the device require the current owner's Apple ID or whatever to authenticate the new part, and that's it)
But we all know it isn't about the customer, but about Apple and Big Tech's bottom line.
For the same reason as the snipping tool, Touch Keyboard, Voice Typing and Emoji Panel; the Input Method Editor user interface; and, incredibly, the Getting started and Tips app, and the Start Menu and Settings in S Mode I guess. No real reason whatsoever other than to let you know who's in charge of your computer when it goes wrong.
I am.
The Pro X loads Win32 programs, but also has terrific battery life compared to x86_64. It would get even better when Linux on the Pro X matures.
Sure, the M1 MacBooks demolish the Pro X, but I want a touchscreen on my ARM computer.
No, tablets (Android or iPad) won't cut it, because they run a stretched phone OS.
No, a Chrome OS tablet won't cut it either, because it runs Chrome OS. Yes you can run Crostini, but that's not a solution. Yes you can run GalliumOS, but that's a half-baked experience.
Depends on your use case, the SP X runs native ARM64 apps and MS Office well, has good battery life and is slim and light and runs cool.
I love using it though admittedly I do sometimes resort to my desktop if there's an app that needs power and doesn't run well under emulation. Using the X for Teams calls with work has been a much better experience than on my work SP7 i7/16GB model, which struggles if I need to make ink notes in OneNote at the same time. "Has potential" is maybe the best way of describing it!
As Richard12 points out above, the problem is probably that the test should not be whether the certificate has expired but whether the certificate has been revoked and if it hasn't been revoked whether the driver was signed while the certificate was valid. Thing is that I at least wouldn't know that without a lot of educating on proper digital security implementation. And I wouldn't really expect others to know that either.
The US government has about 8 decades of serious experience with securing tech. And they have found that security is very complicated and therefore quite expensive. Time perhaps that the rest of us learned that.
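The two tests contrasted in the comment above (is the certificate expired now, versus is it unrevoked and was the driver signed while it was valid), as an added example that is not code from any commenter or from Windows. The class names, fields and dates are constructed, and the signing time is assumed to come from a trusted timestamp.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple


@dataclass
class SigningCert:                      # hypothetical model, not a real API
    not_before: datetime
    not_after: datetime
    revoked: bool = False


@dataclass
class SignedDriver:                     # hypothetical model, not a real API
    cert: SigningCert
    signed_at: Optional[datetime]       # trusted timestamp, None if absent


def naive_check(d: SignedDriver, now: datetime) -> Tuple[bool, str]:
    """Accept only while the certificate is inside its validity window now."""
    if d.cert.not_before <= now <= d.cert.not_after:
        return True, "certificate currently valid"
    return False, "certificate not valid at load time"


def timestamp_aware_check(d: SignedDriver, now: datetime) -> Tuple[bool, str]:
    """Reject if revoked; otherwise judge validity at the time of signing."""
    if d.cert.revoked:
        return False, "certificate revoked"
    if d.signed_at is None:
        # Without a trusted signing time nothing proves when the signature
        # was made, so the only safe reference point is the current time.
        return naive_check(d, now)
    if d.cert.not_before <= d.signed_at <= d.cert.not_after:
        return True, "signed while certificate was valid"
    return False, "signed outside certificate validity window"


def _utc(y: int, m: int, day: int) -> datetime:
    return datetime(y, m, day, tzinfo=timezone.utc)


# Constructed sample: certificate valid 2020-2021, driver signed mid-2021,
# machine boots in 2023 after the certificate has expired.
CERT = SigningCert(_utc(2020, 1, 1), _utc(2022, 1, 1))
DRIVER = SignedDriver(CERT, signed_at=_utc(2021, 6, 1))
NOW = _utc(2023, 1, 1)

if __name__ == "__main__":
    print("naive:", naive_check(DRIVER, NOW))
    print("timestamp-aware:", timestamp_aware_check(DRIVER, NOW))
```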
"...Thank you for informing us of your concern. We understand that your device's Windows Hello and camera have stopped working. We know how important it is to settle this. We are here to help you. We sent you a DM to maximize the characters' usage."
Sounds like ChatGPT is hallucinating again....