Jump to content
LaptopVideo2Go Forums

Driver Signing changes in Windows 10, version 1607


StefanG3D

Recommended Posts

Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal (Dev Portal) to be digitally signed by Microsoft. However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement.

Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change.

We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software.

 

Read more...

Link to comment
Share on other sites

When I first read about this in a post over in notebookreview forums I was concerned it was gonna affect my laptop - considering I'm using a non-standard GPU and require unsigned drivers (using your modified inf), but then I did indeed read further and see the exceptions to the enforcement:  upgrading from previous version of Windows, no secure boot (I don't have UEFI BIOS).  Hopefully it will stay this way and Microsoft won't dissallow these exception in the future - what do you reckon?

Link to comment
Share on other sites

Stay with Developer builds, build 14393 is on 1616, retail versions might give you issues
 

Link to comment
Share on other sites

I upgraded to the latest retail 1607 last night - it works fine, only minor changes, had to reinstall the NVidia driver as it (I guess obviously) couldn't install unsigned drivers automatically.  Hopefully in the future Microsoft will still continue to allow unsigned drivers on my laptop.

Link to comment
Share on other sites

Do you remember the insider builds with screwed BCDEDIT? I think these were silent tests.

Try the following and if it works backup BCDEDIT.EXE somewhere for later use:

disable driver signature - secure boot off
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set testsigning ON

disable driver signature - secure boot on
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
http://acer.custhelp.com/app/answers/detail/a_id/38289/~/windows-10%3A-disable-signed-driver-enforcement

 

Link to comment
Share on other sites

8 hours ago, StefanG3D said:

Do you remember the insider builds with screwed BCDEDIT? I think these were silent tests.

Try the following and if it works backup BCDEDIT.EXE somewhere for later use:


disable driver signature - secure boot off
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set testsigning ON

disable driver signature - secure boot on
bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
http://acer.custhelp.com/app/answers/detail/a_id/38289/~/windows-10%3A-disable-signed-driver-enforcement

 

(Not sure if you're talking to me).  I used the following command to enable the boot menu which allows me to disable driver signature enforcement before driver install:  

bcdedit /set {default} bootmenupolicy legacy

Are you saying that this command might not work in future versions of Windows 10 if Microsoft get 'sneaky'?  If so, then are you talking about backing up bcdedit so you can reapply that bcdedit command in the future even if Microsoft disables it?  How do you back up bcdedit?

Edited by Robbo the Second
Link to comment
Share on other sites

9 hours ago, Robbo the Second said:

(Not sure if you're talking to me).  I used the following command to enable the boot menu which allows me to disable driver signature enforcement before driver install:  

bcdedit /set {default} bootmenupolicy legacy

Are you saying that this command might not work in future versions of Windows 10 if Microsoft get 'sneaky'?  If so, then are you talking about backing up bcdedit so you can reapply that bcdedit command in the future even if Microsoft disables it?  How do you back up bcdedit?

Yes, there were not working insider builds some months ago.

At the time i used the executable from Windows.old folder.

Now you can simply copy c:windows\system32\bcdedit.exe to "my documents"

 

 

Link to comment
Share on other sites

1 hour ago, StefanG3D said:

Yes, there were not working insider builds some months ago.

At the time i used the executable from Windows.old folder.

Now you can simply copy c:windows\system32\bcdedit.exe to "my documents"

 

 

Brilliant, thanks for the info, I'll back that bcdedit.exe up now - just in case they remove it from the OS in future - bonus!

Link to comment
Share on other sites

Found some new crap:

"TakeOwnershipEx" only failed before in c:\Program Files\WindowsApps

Now it also fails in c:\windows\system32\driverstore\filerepository

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...