Catalogs for Protected Environment signed binaries do not persist through an operating system upgrade, and may not be reverted when rolling back a component installation upgrade
The Media Foundation Protected Media Path executable runs within a Protected Environment (PE) when media content has DRM restrictions. This executable, mfpmp.exe, has an extensibility model for 3rd-party Media Foundation components.
The Audio Device Graph Isolation executable always runs in a PE to protect any audio content that may require DRM. The audiodg.exe binary also has an extensibility model for 3rd-party user-mode components such as Audio Processing Objects.
These components, as well as user-mode audio and video drivers, load into a PE only if they are signed properly for that environment. Components tied to hardware are signed through the WHQL submission process; drivers that do not pass through WHQL, and other components, are signed using the licensed PE SDK. The PE SDK provides instructions for signing binaries through the use of catalog files.
Two issues have been identified in the use of catalog signing:
- The catalog entries in the catalog database are not persisted through an operating system upgrade. The effect is that PE-signed components will no longer load into a PE after upgrade.
- Performing a rollback of a PE component upgrade does not reliably replace the newer entry in the catalog database with the pre-upgrade catalog. The effect is again that the components signed by the catalog will no longer load into a PE.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB959916.
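One way to detect both failure modes on a machine is to record each component's catalog signature state before an operating system upgrade or a component rollback and compare it afterwards. The script below is an added example, not code from the PE SDK or the KB article. It assumes PowerShell 5.1 or later (for the `SignatureType` property), and the component path and baseline file location are placeholders. It reports only whether Windows still resolves a valid catalog signature for the file, not whether a PE will load it.

```powershell
# Added example. The path in $Components is a placeholder; list your own PE-signed binaries.
param(
    [string[]]$Components = @('C:\Placeholder\ExampleApo.dll'),
    [string]$Baseline = (Join-Path $env:ProgramData 'pe-catalog-baseline.json'),
    [switch]$Save   # run with -Save before the upgrade or rollback
)

# Record hash and signature state for each component file.
function Get-CatalogState([string[]]$Path) {
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Hash = $null; Status = 'FileMissing'; Type = 'None' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        [pscustomobject]@{
            Path   = $p
            Hash   = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Status = $sig.Status.ToString()          # Valid, NotSigned, HashMismatch, ...
            Type   = $sig.SignatureType.ToString()   # Catalog, Authenticode or None
        }
    }
}

$now = @(Get-CatalogState $Components)
if ($Save) {
    $now | ConvertTo-Json | Set-Content -LiteralPath $Baseline -Encoding UTF8
    return
}

# Compare against the saved baseline and emit one object per regression.
$before = Get-Content -LiteralPath $Baseline -Raw | ConvertFrom-Json
foreach ($cur in $now) {
    $old = $before | Where-Object Path -eq $cur.Path | Select-Object -First 1
    # Only components that were validly catalog-signed in the baseline are of interest.
    if (-not $old -or $old.Type -ne 'Catalog' -or $old.Status -ne 'Valid') { continue }
    if ($cur.Type -eq 'Catalog' -and $cur.Status -eq 'Valid') { continue }
    # Same hash: binary unchanged, so its catalog entry was lost (upgrade case).
    # Different hash: binary changed and no catalog covers it (rollback case).
    $cause = if ($cur.Hash -eq $old.Hash) { 'catalog entry no longer found' } else { 'binary changed; no matching catalog entry' }
    [pscustomobject]@{
        Path = $cur.Path; Was = 'Catalog/Valid'
        Now  = "$($cur.Type)/$($cur.Status)"; Cause = $cause
    }
}
```

Run it once with `-Save` before the change and once without afterwards; no output means every component that was catalog-signed in the baseline still is.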