Saturday, November 19, 2016

Disable Driver Signature Verification

How to Disable Driver Signature Verification on 64-Bit Windows 8 or 10 (So That You Can Install Unsigned Drivers)



64-bit versions of Windows 10 and 8 include a “driver signature enforcement” feature. They’ll only load drivers that have been signed by Microsoft. To install less-than-official drivers, old unsigned drivers, or drivers you’re developing yourself, you’ll need to disable driver signature enforcement.

With Windows 10’s Anniversary Update, Microsoft tightened the screws even further. But you can avoid the more restrictive driver-signing requirements by disabling Secure Boot.

Driver Signature Enforcement Is a Security Feature


Before you begin, keep in mind: Microsoft isn’t just trying to make your life harder here. Driver signing enforcement ensures that only drivers that have been sent to Microsoft for signing will load into the Windows kernel. This prevents malware from burrowing its way into the Windows kernel.

Disable driver signing and you’ll be able to install drivers that weren’t officially signed. Be sure you know what you’re doing! You should only install drivers you trust.

Option One: Enable Test Signing Mode


Windows includes a “Test Mode” or “Test Signing” Mode feature. Enable this mode and driver signature enforcement will be disabled until you choose to leave Test Mode. You’ll see a “Test Mode” watermark appear at the bottom right corner of your desktop near your clock, informing you that Test Mode is enabled.

You’ll need to run a command from an Administrator Command Prompt to do this. To launch one, right-click the Start button or press Windows+X and select “Command Prompt (Admin)”.



Paste the following command into the Command Prompt window and press Enter:

bcdedit /set testsigning on

If you see a message saying the value is “protected by Secure Boot policy”, that means Secure Boot is enabled in your computer’s UEFI firmware. You’ll need to disable Secure Boot in your computer’s UEFI firmware (also known as its BIOS) to enable test signing mode.



Restart your computer to enter test mode. You’ll see the “Test Mode” watermark appear at the bottom right corner of your desktop and you’ll be free to install whatever unsigned drivers you want.

To leave test mode, open a Command Prompt window as Administrator once again and run the following command:

bcdedit /set testsigning off



Option Two: Use an Advanced Boot Option


There’s also another way to do this. You can use the advanced boot options menu to boot Windows 10 with driver signature enforcement disabled. This isn’t a permanent configuration change. The next time you restart Windows, it will boot with driver signature enforcement enabled—unless you go through this menu again.

To do this, get to the Windows 8 or 10 advanced boot options menu. For example, you can hold down the Shift key while you click the “Restart” option in Windows. Your computer will restart into the menu.



Select the “Troubleshoot” tile on the Choose an option screen that appears.



Select “Advanced options”.



Click the “Startup Settings” tile.



Click the “Restart” button to restart your PC into the Startup Settings screen.



Type “7” or “F7” at the Startup Settings screen to activate the “Disable driver signature enforcement” option.



Your PC will boot with driver signature enforcement disabled and you’ll be able to install unsigned drivers. However, the next time you restart your computer, driver signature enforcement will be disabled—unless you go through this menu again. You’re now free to install drivers that haven’t been officially signed by Microsoft.

No comments:

Post a Comment