Windows 7: Guide to Installing Un-Signed Drivers in Win 7 x64

Since I made the Move to 64-bit a while back, Every once in a while, I would run into a Problem where I needed to Install Driver that was Un-Signed.

As A Security measure in the 64-bit Versions of Vista/7, All Drivers must come with a Secure Digital Signature.

This is not a large problem anymore with the fact that Most Drivers are Signed nowadays. But Older Hardware Drivers tend not to be Signed.

There is a Simple way around this Block.

• Open the Command Prompt in Admin Mode (Type "CMD" into the Start Menu and press "Ctrl+Shift+Enter")
• Enter this Command: bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS

Now when you Re-Boot, You should be able to Install those Pesky Un-Signed Drivers.

Hope it helped. (if so, +Rep is one of the best ways to thank)

Hi Benjamin,

We have a tutorial section for guides like this if you would like this thread moved there?

You can also install unsigned drivers by either self-signing the certificate or installing the one it came with, if it contained any digital certificate


Steven

Self-sign what certificate? If a driver is unsigned it won't have a certificate.

If anyone could self-sign a kernel level driver, any security provided by this feature goes out the window. (no pun intended)

Requiring signed drivers was a genious move by Microsoft. Boy it makes them some serious extra cash.

Ive seen some drivers include self-signed certificates (Nvidia beta, Daemon Tools...) before using their legitimate ones.

Anyone can sign a driver using the SignTool and certutil included with the Windows SDK and Windows DDK, thats more secure than completely disabling Driver Signing and allowing any driver to install/run on your system

Microsoft makes nothing since it cant be a CA, Certificate Authority's like Verisign and Thawte are the ones making the money here

Steven

Microsoft makes tons of cash on things like this. Authenticode and WHQL for example.

I agree that disabling driver signing requirement is insecure. But so is allowing any hacker off the street to sign his own malware, so it doesn't make much difference in the end.

However, it's good news for me the (security conscious) consumer if there really are multiple ways around this whole driver signing requirement.

As Ive said, Microsoft makes nothing. They cant design and build Authenticode/WHQL or Digital Certificates then charge people for learning/using them. If they did then they would be the gate-builder and gate-keeper and have too much power over the security sector while giving themselves another monopoly, It just wont happen again.

AS I said before, You can sign your own code on your own machine, nothing will stop you from re-signing a NVidia driver with your own certificate, what will stop you is trying to use that re-signed driver on another machine, If that machine doesnt have your Self-Signed/Created CA then your self-signed certificate is invalid and useless on another machine.

If its going to be anything like Vista then the RTM version will prevent you from permanently disabling Driver Signing, It will only run for the first reboot, after the second, Driver Signing is re-enabled.

Self-Signing is permanent and the safest solution available

Steven

I realize that the expensive code signing certificates themselves are not provided by Microsoft. That isn't really the issue I am debating.

Microsoft partnering with CA's such as Verisign and requiring signed code is what had the open source community and free software developers in such an uproar.

..........Driver Signature Enforcement Overrider 1.3b - NGOHQ.com

I can attest that all builds after 7201 will re-enable driver signing enforcement after a reboot....

I just usually hit F8 on reboot and disable driver signature verification or watever its called. Allows me too use my PS3 controller as a pc controller which makes me happy lol