• Installing unsigned drivers. Digital signature of drivers. Disabling digital signature verification

    PC users know that it is highly undesirable to install programs that are unsigned or do not have a security certificate on their system. The same applies to drivers. Unsigned drivers are even more dangerous than programs; for this reason, for security reasons, Microsoft developers have completely blocked the ability to install them in Windows 8. But what should the user do in this situation, if he needs to connect, for example, an outdated printer or scanner to a PC, and not just connect, but also work with the device? The developers left the option to install unsigned drivers in Windows 8 and Windows 8.1, but hid it in the very “wild” of the system.

    To allow installation unsigned drivers, you need to log into Windows with driver signature verification disabled. To do this, reboot your PC with advanced boot options. This is done as follows.

    Close everything open source software and only after that, move the mouse cursor to the lower right corner so that the sidebar Charms Bar (this “Miracle Bar” can also be called up by pressing the key combination “Win ​​+ C” on your keyboard). Go to the “Options” section.

    In the window that opens, click on the “Update and Recovery” menu section (on the left). Next, click “Recovery”. After the last click, a list with partitions and recovery options will appear on the right; click on the “Restart now” button in the “ section Special options downloads".

    The computer will begin to reboot the system, wait until it appears on the screen special menu extended loading. Click on “Diagnostics” and then on “ Additional options” and then select the “Boot Options” tile.

    In the newly opened window you will see a list listing the reasons for restarting the PC in non-standard mode, in it you will find the item you need “Disable mandatory check driver signatures.” Click on the only “Reboot” button in this window.

    After the computer restarts, a dialog box will appear on your monitor screen offering various options for continuing. You need to select the seventh option “Disable mandatory driver signature verification”. Press the number seven on your keyboard to have the PC continue booting with the selected options.

    That's it, now blocking unsigned drivers in Windows 8 is disabled, and you can safely start installing them on the system. However, the lock is not disabled forever; after you restart the computer again, it will log into the system in normal mode, but at the same time, all the drivers you installed will not be blocked, but will continue to work, and you will be able to use an outdated or non-standard device connected to the PC.

    Once installed on any computer, the operating system must take care of many things, such as memory management, hardware optimization, and resource allocation/reallocation. But this is all on the surface. In addition to this, the OS must also take care of the overall stability and integrity of the system by ensuring the security of the data stored in it.

    Thanks to its functionality, Windows 10 can automatically prevent the installation of devices that come with unsigned drivers.


    What are unsigned device drivers? And why should you disable them?

    For any device that will be installed on a computer running Windows OS, its corresponding device driver(s) must pass Windows Hardware Quality Level (WHQL) tests. Device drivers that pass these tests have a digitally signed certificate file from Microsoft included in the driver installation package, and these drivers are called signed drivers. And vice versa.

    It is very important that in digital form Unsigned drivers are not allowed to be installed on your computer, as they may include malicious code. Although the OS will explicitly issue a warning when an unsigned driver installation takes place, this warning can be bypassed. Therefore, it is best to limit the installation of unsigned drivers as much as possible.

    How to disable installation of unsigned device drivers in Windows 10?

    It's quite easy to do this:

    Step 1: Enter gpedit.msc V search bar and click OK to run Windows OS. Now in the left pane, find and go to User Configuration > Administrator Templates > System - User Configuration > Administrative Templates > System and double click on Driver Installation - Driver installation in the right panel.

    Step 2: In the settings submenu displayed in the right pane, right-click on Code signing for device drivers - device drivers and press Edit - Change to open the configuration window. Now, change the parameter value to Turn on, and go down to Options. Here in the drop-down window under the menu with the text If Windows detects a driver file without digital signature: and select Lock. Next click Apply > OK. Here's a screenshot.

    If you ever suddenly need to connect to a computer running Windows 8.x or 10 any old device, most likely, you will not be able to find a driver officially signed by the device manufacturer. In other words, you will encounter problems when trying to install the device in latest versions operating system from Microsoft. For this reason, in this article we will show you step by step how to install unsigned drivers in Win 8.x or 10.

    Before we jump into the installation process itself, let's know what a signed driver is. A signed driver is digitally signed, and this is a security measure that allows you to verify the authenticity of the driver package. It also helps ensure that no one has modified the contents of the driver other than the manufacturer. If the driver is digitally signed, this means that it is trusted and you can safely install it on your system.

    Instructions

    In Windows 8, use the Win + i keyboard shortcut to open the Chrams panel. Next, press "Power off" and then, while holding down Shift key, click Reboot. There is no Chrams panel in Windows 10, so use the Start menu to do the same.

    The operating system will restart and load a menu with additional options. In this menu, select the “Diagnostics” section.

    Now click on "Advanced Options".

    The Boot Options section allows you to change various configuration options Windows startup, but we need to reboot the system so that mandatory driver signature verification is disabled. On this screen, simply click the Reboot button.

    The operating system will restart, but instead of the desktop you will be taken to the Boot Options screen. Here, press the F7 key on your keyboard. This will cause Windows 8.x to start in a mode that allows you to install unsigned device drivers.

    As you know, for the correct, stable and productive operation of PC components and peripheral devices additional installation required software. Downloaded driver from the official website or via special applications often installs without problems. However, this only happens if its testing by Microsoft was successful. In rare cases, the certificate may be missing for some reason, causing the user to have problems installing the required driver.

    As mentioned above, in most cases, all related hardware software is pre-tested by Microsoft. If the test is successfully completed, the company adds a special certificate file, which is a digital signature. This document signifies the authenticity and safety of the driver for the operating system, making its installation easy.

    However, not all software may have such a certificate. For example, it may be missing for a driver for old (but technically working) equipment. But there are other situations in which a new device or virtual drivers may not have a signature.

    Be careful when installing an unverified driver! By disabling scanning, you jeopardize the performance of the system and the safety of your data. Install it only if you are sure of the security of the file and the source from which it was downloaded.

    Moving on to the main topic of the question, I would like to note that there are 3 working options for disabling driver signature verification. One of them works until the PC is rebooted, the second disables protection until the user then manually turns it on. Read more about each of them below.

    Method 1: Windows specific boot options

    Most often, the need to disable digital signature verification occurs once. In this situation, it is most logical to use a temporary permit. It will work once: until the next reboot of the computer. During this period of time, you can install any number of unverified drivers, restart the PC, and certificate verification will work as before, protecting the operating system.

    First of all, start the OS in a special mode. Windows 10 users will need to follow these steps:

    1. Run "Options", calling "Start".

      The same can be done by calling the alternative RMB menu.

    2. Open "Update and Security".

    3. In the menu on the left, go to "Recovery", and on the right, under "Special download options", click "Reboot Now".

    4. Wait for Windows to start and select the partition "Troubleshooting".

    5. IN "Diagnostics" go to "Advanced options".

    6. Open here "Boot Options".

    7. Check out what will be applied the next time you start the system and click "Reboot".

    8. This mode will disable mouse control and change the screen resolution to low. The item responsible for disabling driver signature verification is seventh on the list. Accordingly, press on your keyboard F7.

    9. A restart will begin, after which you can complete the installation.

    Sequence of actions for Windows users 7 other:


    Now you can start installing the software.

    The next time you turn on the computer, the system will start normally, and it will again begin to check the signature of the drivers that you want to install. Please note that this service does not verify installed drivers, for this you need to run separate application, which for obvious reasons does not interest us.

    Method 2: Command Line

    Using the well-known command line interface, the user can disable the digital signature by entering 2 commands in sequence.
    This method only works when standard interface BIOS. Owners motherboards with UEFI you will need to first disable Secure Boot.

    You can return your settings at any time by opening cmd method, described above, and entering this:

    bcdedit.exe -set TESTSIGNING OFF

    After that click Enter and restart your computer. Now drivers will always be checked by the operating system. Additionally, you can re-enable UEFI in the same way you disabled it.

    Method 3: Local Group Policy Editor

    Another option for solving this problem is editing the computer policy. Owners can use it Windows versions above Home.


    Run the driver that failed to install and try again.

    Method 4: Create a digital signature

    The methods discussed in this article do not always work. If it is impossible to disable verification, you can go the other way - create a signature manually. It is also suitable if the signature of the installed software “flies” from time to time.


    We've looked at several ways to install unsigned software. Each of them is simple and accessible even for novice users. Once again it is worth recalling the unsafety of such an installation and possible errors in the form blue screen death. Don't forget to create a restore point first.

    Sometimes a problem arises with old drivers; due to a block, they cannot be installed. If desired, this protection can be disabled and you can safely install an unsigned driver. Now we will look at how to disable driver digital signature verification in Windows 8 and install unsigned drivers

    Disable driver digital signature verification

    Before you proceed with the steps described below, you should be clearly aware that by installing unknown software, there is a high risk of putting your system (and the integrity of your data) at risk. Therefore, you perform all actions solely at your own peril and risk, subject to clear confidence in the safety of this software.

    The need for a digital signature appeared in Vista. But in this system, as in Windows 7, a regular warning is displayed, in which there is an option to allow the installation of unknown software. But starting with Windows 8, the warning firmly prohibits installation and there are no buttons to cancel it. At first glance, it may seem that installing such a driver is generally impossible. In fact, there will always be loopholes.

    Disable signature verification through boot options

    Signature verification can be disabled in the boot options menu. To open it, simultaneously press the Win+I keys, and in the menu that opens, click on “Change PC Settings”. In the next window, click on the “General” tab and click on the “Restart Now” button. After this, the computer will immediately reboot and when the system starts, a menu with boot options will appear. By the way, you can also get to this menu by rebooting from the command line as an administrator:

    shutdown.exe /r /o /f /t 00

    In the menu we must open the “Diagnostics” section (Troubleshoot).


    And in it click on “Advanced Startup”.

    After that, select Startup Settings.
    Then click on the “Restart” button.

    The computer will now restart again, after which a new menu with boot options will appear. We need to select the seventh item “Disable driver signature enforcement”. It disables driver authentication. To select it, press F7, or the 7 key, on your keyboard.
    After activating this parameter, there will be Windows boot 8 in a mode that allows you to install drivers from an unknown publisher. When you start installing such a driver, a dialog box will appear on the screen in which there will be a warning that it is impossible to check this software.

    Select the second item " Install anyway this driver» (Install this driver software anyway). The installation of the unsigned driver should then begin. After this, we reboot and boot the system in its normal mode. Checking how the newly installed driver works

    If nothing worked with the previous method, then there is another trick that allows you to install drivers without a signature. On systems such as Windows 8 and Windows Server 2012, a special " test mode" or "Test Mode". You can install any software in it, even if it is blocked in normal mode. But this mode of operation is also associated with increased danger. In debug mode, the risk of breaking normal work system or infect it with malware.

    For a 64-bit operating system, this is done as follows. Let's launch command line as administrator and enter the command:

    bcdedit.exe /set nointegritychecks ON

    bcdedit.exe /set TESTSIGNING ON

    After that, immediately enter this:

    bcdedit.exe /set loadoptions DDISABLE_INTEGRITY_CHECKS

    Watch the messages in the terminal carefully. After completing each step, a confirmation of the successfully completed command should be displayed.
    Now restart your PC and try to install the problematic driver. After the reboot, pay attention to the bottom corner of the screen, near the clock. There should be a message saying Windows work 8 in test mode.

    Read more: