PRODUCT

Drivers.

Driver rings per OEM model — Lenovo, Dell, HP, and the rest.

PIPELINE

On the roadmap — vote it up.

THE PROBLEM

What's broken without it.

Driver management on Windows is a spreadsheet. OEM update tools fight Windows Update, which fights your endpoint manager, which fights your image. Bad drivers ship to entire fleets because there is no canary ring and no rollback signal short of the helpdesk queue spiking.

audit-trail.log · status quo

1 # T+0 install completes on 1,204 endpoints

2 # T+2d scanner runs across the fleet

3 # T+2d scanner flags 14 endpoints with vulnerable artifact

4 # T+3d helpdesk tickets begin to arrive

5 # T+5d incident response opens IR-2026-0418

6 # T+9d auditor asks: "who approved this artifact?"

7 # T+9d answer: nobody. it shipped because the CDN said so.

HOW ATTESTREE SOLVES IT

The approach.

Attestree Drivers brings real ring-based deployment to driver updates, scoped per OEM model. Canary, broad, and frozen rings get distinct update windows. WHQL signatures and OEM provenance are verified at ingest. Rollback is a single signed policy change, applied in minutes.

attestree.toml · drivers

1 # pipeline product

2

3 # Syntax stabilizes once development starts.

4 # Vote this up on the waitlist to influence the design.

BUILT FOR

Homelab Small business Mid-market Enterprise

WHAT'S NEXT

Roadmap, in three moves.

design-partner mode through GA

OEM model catalogs

Lenovo, Dell, HP, Microsoft Surface — first-class catalogs with vendor signatures pinned.

Q2 2027

Health-signal rollback

Auto-pause a ring when crash signatures or BSOD telemetry cross a threshold.

Q3 2027

WHQL + custom co-signing

Require both Microsoft WHQL and your internal driver-signing CA before admission.

Ready for drivers on your fleet?

Get on the list — your vote moves this up the roadmap.

Join pipeline waitlist

OTHER PRODUCTS

Winget Enterprise Inventory Transforms Drivers Firmware Windows Updates