Windows7 boot option to allow unsigned drivers ignored

windows-7 driver signing
Eric picture Eric · Feb 8, 2011 · Viewed 30.5k times · Source

I'm learning Windows kernel mode driver development. I've written a small test driver that I can successfully register, unregister, load and unload under Windows 7 32bit Ultima edition running under a VM in VirtualBox.

My host is Windows 7 64bit Home Premium edition.

The driver, compiled for 64 bit, will not load under Windows 7 Home edition. I keep getting a rejection noticed that this version of windows does not allow unsigned drivers.

I've tried two things:

  1. I've used the F8 boot option to allow unsigned drivers (didn't work)

  2. I run a CMD as administrator and execute the following two commands

    bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

    bcdedit.exe -set TESTSIGNING ON

and rebooted. My desktop shows me in "TestMode" but still I get same rejection noticed.

Can anyone help me out here or explain if there is an additional step for Home edition?

----{ update }---- After pouring through tons of MSDN stuff, it would appear my solution lies in self signing the driver I created. The DDK I downloaded does not appear to have the tool chain to do self signing. I've downloaded WinDDK-7600.16385.1. But what is so strange is that my Windows Ultima Edition happily loads my driver if I simply F8 @ boot time and tell it to allow unsigned drivers.

Answer

Cody Gray picture Cody Gray · Feb 8, 2011

You might try the Driver Signature Enforcement Overrider. It's supported on 64-bit versions of Windows 7, and reports that I've seen confirm that it does indeed work on the "Home Premium" edition.

     Driver Signature Enforcement Overrider screenshot

  1. Download the application from the link below. Right click on it and choose "Run as administrator". Inside its main menu, press on the “Enable Test Mode” button and follow the instructions on the screen. This will enable TESTSIGNING mode, which allows unverified system files to be loaded.

  2. Now all you have to do is to add the unverified signature to the required system files. To do so press on the “Sign a System File” button from the main menu, and enter specific filename including full path. For example: if ATITool64.sys from C:\Windows\System32\drivers refuses to load due to driver signature enforcement, you should type: “C:\Windows\System32\drivers\ATITool64.sys”, and if you would like to sign more than a single file, just repeat this procedure until you’re done, and finally reboot.

After you enabled Test Mode and added signatures to the required system files, they should bypass Windows’s driver signature enforcement and load without any issues. However, if for some reason you are interested to revert it, you can re-launch the application, choose “Disable Test Mode” from the main menu, and reboot. If you encounter issues or having questions, feel free to post it on our forums.

Note: DSEO requires administrative privileges (Run as administrator).

It even allows you to remove the watermark from your desktop!

Related questions

Need to completely remove a device driver in windows 7

I have an old USB device that is not recognized by windows 7, so I grabbed the device driver for the chip that handles the USB communications. After I modified it I used it to install for the device. Stupid I …

Read More
Bluetooth Low Energy API for Windows 7.0

Windows 8 exposes an API to communicate to Bluetooth Low Energy (Smart) devices, but this API is not available in previous versions of Windows, so how can I communicate with a BLE dongle on Windows 7? The BLE dongle I'm currently using (…

Read More
Is it possible to unload a kernel driver without a reboot?

I'm playing about with one of the kernel driver examples in the Win7 DDK. I can modify compile and build my *.sys file. I can install it too with its INF (using device manager or devcon) or using the Service …

Read More