StefanG3D Posted August 1, 2016 Report Share Posted August 1, 2016 Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal (Dev Portal) to be digitally signed by Microsoft. However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement. Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal. OS signing enforcement is only for new OS installations; systems upgraded from an earlier OS to Windows 10, version 1607 will not be affected by this change. We’re making these changes to help make Windows more secure. These changes limit the risk of an end-user system being compromised by malicious driver software. Read more... Quote Link to comment Share on other sites More sharing options...
Robbo the Second Posted August 2, 2016 Report Share Posted August 2, 2016 When I first read about this in a post over in notebookreview forums I was concerned it was gonna affect my laptop - considering I'm using a non-standard GPU and require unsigned drivers (using your modified inf), but then I did indeed read further and see the exceptions to the enforcement: upgrading from previous version of Windows, no secure boot (I don't have UEFI BIOS). Hopefully it will stay this way and Microsoft won't dissallow these exception in the future - what do you reckon? Quote Link to comment Share on other sites More sharing options...
mobilenvidia Posted August 2, 2016 Report Share Posted August 2, 2016 Stay with Developer builds, build 14393 is on 1616, retail versions might give you issues Quote Link to comment Share on other sites More sharing options...
Robbo the Second Posted August 3, 2016 Report Share Posted August 3, 2016 I upgraded to the latest retail 1607 last night - it works fine, only minor changes, had to reinstall the NVidia driver as it (I guess obviously) couldn't install unsigned drivers automatically. Hopefully in the future Microsoft will still continue to allow unsigned drivers on my laptop. Quote Link to comment Share on other sites More sharing options...
StefanG3D Posted August 3, 2016 Author Report Share Posted August 3, 2016 Do you remember the insider builds with screwed BCDEDIT? I think these were silent tests. Try the following and if it works backup BCDEDIT.EXE somewhere for later use: disable driver signature - secure boot off bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS bcdedit -set testsigning ON disable driver signature - secure boot on bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS http://acer.custhelp.com/app/answers/detail/a_id/38289/~/windows-10%3A-disable-signed-driver-enforcement Quote Link to comment Share on other sites More sharing options...
Robbo the Second Posted August 4, 2016 Report Share Posted August 4, 2016 (edited) 8 hours ago, StefanG3D said: Do you remember the insider builds with screwed BCDEDIT? I think these were silent tests. Try the following and if it works backup BCDEDIT.EXE somewhere for later use: disable driver signature - secure boot off bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS bcdedit -set testsigning ON disable driver signature - secure boot on bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS http://acer.custhelp.com/app/answers/detail/a_id/38289/~/windows-10%3A-disable-signed-driver-enforcement (Not sure if you're talking to me). I used the following command to enable the boot menu which allows me to disable driver signature enforcement before driver install: bcdedit /set {default} bootmenupolicy legacy Are you saying that this command might not work in future versions of Windows 10 if Microsoft get 'sneaky'? If so, then are you talking about backing up bcdedit so you can reapply that bcdedit command in the future even if Microsoft disables it? How do you back up bcdedit? Edited August 4, 2016 by Robbo the Second Quote Link to comment Share on other sites More sharing options...
StefanG3D Posted August 4, 2016 Author Report Share Posted August 4, 2016 9 hours ago, Robbo the Second said: (Not sure if you're talking to me). I used the following command to enable the boot menu which allows me to disable driver signature enforcement before driver install: bcdedit /set {default} bootmenupolicy legacy Are you saying that this command might not work in future versions of Windows 10 if Microsoft get 'sneaky'? If so, then are you talking about backing up bcdedit so you can reapply that bcdedit command in the future even if Microsoft disables it? How do you back up bcdedit? Yes, there were not working insider builds some months ago. At the time i used the executable from Windows.old folder. Now you can simply copy c:windows\system32\bcdedit.exe to "my documents" Quote Link to comment Share on other sites More sharing options...
Robbo the Second Posted August 4, 2016 Report Share Posted August 4, 2016 1 hour ago, StefanG3D said: Yes, there were not working insider builds some months ago. At the time i used the executable from Windows.old folder. Now you can simply copy c:windows\system32\bcdedit.exe to "my documents" Brilliant, thanks for the info, I'll back that bcdedit.exe up now - just in case they remove it from the OS in future - bonus! Quote Link to comment Share on other sites More sharing options...
StefanG3D Posted August 4, 2016 Author Report Share Posted August 4, 2016 Found some new crap: "TakeOwnershipEx" only failed before in c:\Program Files\WindowsApps Now it also fails in c:\windows\system32\driverstore\filerepository Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.