How do I verify the digital signature of an image from the WDM driver?

I need to verify the digital signatures of downloaded images (dll, exe), if the image does not have a specific signature, it is necessary to reject its download. How can I do this? Are there functions for verifying digital signatures? Both a complete answer and partial information on the question will be useful.

There is no public API by Microsoft, you have two options:

1. Use undocumented API - there is sample here
2. Implement your own test, by reading the image and check signature using CNG Kernel API (BCrypt)