Permanently disable driver signature enforcement on Win 8.1 x64

    Question

  • Does anyone know how to PERMANENTLY disable driver signature enforcement in Windows 8.1?

    I have an old piece of hardware that will never have signed drivers for 8.1.  The driver installs and works just fine.  I tested by going to advanced startup options, and choosing "7) Disable driver signature enforcement".  The driver installs and works fine for one session.  After reboot, the driver refuses to load because it isn't signed.

    I have also tried:

    • bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
    • bcdedit -set TESTSIGNING ON
    • Disabled UEFI Secure Boot (in system BIOS)

    The unsigned driver still fails to load after a reboot.

    Please help, this is driving me bonkers!


    -Jon


    • Edited by Glade Creek Monday, October 28, 2013 10:52 PM
    Monday, October 28, 2013 10:52 PM

Answers

  • Since a patch for Vista RTM, the option to PERMANENTLY disable driver signature enforcement has been removed. There are tools out there to work around it:

    http://www.ngohq.com/?page=dseo

    http://uhlik.sk/?page=swreadydriver

    But I have no idea if they still work in Win8.x


    "A programmer is just a tool which converts caffeine into code"

    • Marked as answer by Glade Creek Tuesday, October 29, 2013 12:55 PM
    Tuesday, October 29, 2013 5:59 AM

All replies

  • Andre.Ziegler, thanks!

    DSEO 1.3b did the trick for Windows 8.1.  Since test signing was already enabled, I just had to "sign a system file" with DSEO.

    To find the right file, I went to device manager, properties of the device in question, driver tab, driver details.  There was 1 .SYS file and 2 .DLL files listed.  I only had to sign the .SYS file with DSEO, reboot, and all is well.

    I'll also note that it seems possible to get the Windows 8.1 Driver Dev Kit and use makecert and signtool to accomplish the same thing, but DSEO is way easier.

    I would also like to note that there are a few viruses out there that infect through driver files, and running a system full time in 'test mode' leaves the door open to them.  In no way should a system be used in production with this workaround.


    -Jon

    Tuesday, October 29, 2013 1:05 PM
  • One more thing to note, re-enabling Secure Boot in the system BIOS disabled test mode, which caused the driver to stop working.  I disabled Secure Boot, and tried to use DSEO to re-enable test mode, but it did not work.  I had to run the following two commands and reboot before it worked again:

    bcdedit -set loadoptions DISABLE_INTEGRITY_CHECK

    bcdedit -set TESTSIGNING ON


    -Jon


    • Edited by Glade Creek Tuesday, October 29, 2013 1:27 PM
    Tuesday, October 29, 2013 1:26 PM
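
The settings discussed in the posts above (TESTSIGNING, the DISABLE_INTEGRITY_CHECKS load option, Secure Boot) can be audited on a machine to see whether it has been left in test mode. The following PowerShell is an added example, not part of the original thread; the function name `Get-BootIntegrityFinding` and the sample text are constructed for illustration, and the parser assumes English `bcdedit` output.

```powershell
# Added example: flag boot options that relax kernel-mode driver signature checks.
# Input is the text printed by `bcdedit /enum {current}` (English output assumed).
function Get-BootIntegrityFinding {
    param([Parameter(Mandatory)][string[]]$BcdText)

    # bcdedit prints "element   value" pairs separated by a run of spaces.
    $elements = @{}
    foreach ($line in $BcdText) {
        if ($line -match '^(\S+)\s{2,}(.+?)\s*$') {
            $elements[$Matches[1].ToLowerInvariant()] = $Matches[2]
        }
    }

    $findings = @()
    if ($elements['testsigning'] -eq 'Yes') {
        $findings += 'testsigning is on: test-signed kernel drivers will load'
    }
    if ($elements['nointegritychecks'] -eq 'Yes') {
        $findings += 'nointegritychecks is on'
    }
    if ($elements['loadoptions'] -match 'DISABLE_INTEGRITY_CHECK') {
        $findings += "loadoptions asks for disabled integrity checks: $($elements['loadoptions'])"
    }
    $findings
}

# Constructed sample of a boot entry, for running the check offline.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
description             Windows 8.1
loadoptions             DISABLE_INTEGRITY_CHECKS
testsigning             Yes
nx                      OptIn
'@ -split "`r?`n"

Get-BootIntegrityFinding -BcdText $sample | ForEach-Object { "FINDING: $_" }

# On a live system, from an elevated PowerShell prompt:
#   Get-BootIntegrityFinding -BcdText (bcdedit /enum '{current}')
#   Confirm-SecureBootUEFI   # returns True when Secure Boot is enabled
```

An empty result together with `Confirm-SecureBootUEFI` returning True indicates the boot entry is back to normal signature enforcement.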
  • I fixed it this way.

    Rename the problem files in C:\windows\system32\drivers\... and reinstall the driver. I can't post a link here, see: en.community.dell.com/techcenter/os-applications/f/4457/t/19577823.aspx

    Monday, August 25, 2014 5:53 AM
  • DSEO 1.3b is not working on Win 8.1... Yes, you can sign the driver, but you can't enable test mode, and that makes the driver not work.
    Wednesday, December 10, 2014 3:20 AM
  • You can't enable TEST MODE if the SECURE BOOT option is turned on in the UEFI BIOS setup.  Disable the Secure Boot option first, reboot, and then use the BCDEDIT -set TESTSIGNING ON command from an elevated Command Prompt.  Turning off Secure Boot is required for the TESTSIGNING command to work.  Also disable the User Account Control [UAC] feature in Windows 8.1 by using TweakUAC 1.1.  Read the following here:

    https://msdn.microsoft.com/en-us/library/windows/hardware/ff553484%28v=vs.85%29.aspx

    "Note  Before setting BCDEdit options you might need to disable or suspend BitLocker and Secure Boot on the computer."


    • Edited by erpmanila3w Monday, January 26, 2015 6:22 PM
    Monday, January 26, 2015 6:18 PM
  • A significant part of the problem is that to deinstall a defunct driver, one must be able to install the .inf file. Microsoft does not provide an easy way to do so, and when a new driver wants to uninstall the old one, it can't because the file isn't installed properly. Even reinstalling the Windows 10 DVD in place and preserving files does NOT get rid of the old driver files. I am working on a utility that will run in the install stream as a malware removal tool to remove unsigned drivers and put them into a sidelined file so you can find them and replace them with new drivers. This is one of the flaws in Microsoft's upgrade in place philosophy.
    Wednesday, June 22, 2016 11:37 PM