PDA

View Full Version : Please how can I disable driver signing in vista x64?


Pages : [1] 2

joelatino
01-31-07, 03:11 AM
Thanks:)

jAkUp
01-31-07, 03:44 AM
If you press F8 while Windows is loading I believe you can enter a non-signed mode.

Not necessary for most apps/drivers though.

joelatino
01-31-07, 03:55 AM
If you press F8 while Windows is loading I believe you can enter a non-signed mode.

Not necessary for most apps/drivers though.

thanks but with F8 the 'hack' is temp,while i would like to find something for use non signed mode always...

ps. i want it for use with rivaturner/ntune....

gizmoy2k
01-31-07, 06:02 AM
lol

ask "princess_frosy" for she was so informative in an earlier post.

You could do it in permanently in RC2 but so far not in RTM for every boot withough pressing F8.

"Princess_forsty" says look harder :(

Darkoz
01-31-07, 07:00 AM
Not sure about Vista or whether it's the same thing but it's worth a shot, in XP you can open DX dialogue by typing dxdiag in start/run and uncheck "check for WHQL digital signatures" on the bottom left corner of the System tab

Lordedmond
01-31-07, 09:57 AM
turn uac off then type in bcdedit in command prompt all you need

joelatino
01-31-07, 10:05 AM
turn uac off then type in bcdedit in command prompt all you need

excuse me but bcedit work also with final release of vista? i thought it was for only beta release...

yehuda
01-31-07, 10:18 AM
You can also use VistaBootPRO if you prefer a gui instead of command prompt.

Slammin
01-31-07, 10:23 AM
Or use EasyBCD.exe (google it).

chiklit
01-31-07, 11:02 AM
I tried it with EasyBCD, it doesn't work on the retail version.

Princess_Frosty
01-31-07, 11:32 AM
AFAIK you only need to boot using F8 when you intend to install unsigned drivers, not when you need to use them, as most major driver installs/upgrade also require a reboot it hardly seems like an anoyance.

There are other methods which include installing and running debugging tools/software in the background, but thats not an easy fix like toggling a simple setting.

joelatino
01-31-07, 12:02 PM
I tried it with EasyBCD, it doesn't work on the retail version.

wich version have you tried? v1.52?

rewt
01-31-07, 12:15 PM
AFAIK you only need to boot using F8 when you intend to install unsigned drivers, not when you need to use them, as most major driver installs/upgrade also require a reboot it hardly seems like an anoyance.

AFAIK, RivaTuner installs an (unsigned) kernel mode driver everytime you run it. So you would have to hit F8 every time you boot your system. Not an ideal solution IMO..

rewt
01-31-07, 12:41 PM
turn uac off then type in bcdedit in command prompt all you need

On the start menu, right click on command prompt shortcut (under tools or accessories, I forget which) and then go "Run as administrator".

No need to disable UAC for this.

Sorry for double post.

chiklit
01-31-07, 03:24 PM
wich version have you tried? v1.52?

Yeah, 1.52. I checked "Allow unsigned driver installation on Vista x64 Edition". Restarted. Then tried Rivatuner and got the same "unsigned driver" error. EasyBCD still shows allowing the driver installation as being checked though.

Remi
02-01-07, 09:25 AM
BCDEDIT (and his GUI-friendly buddies) works, in that it does change the value of the flag in the BCD. However that flag was only used for convenience during development, it have never been intended for release, at least the x64 one, which is good on the long term for reliability. It's now just unused and ignored by the system.

Signing a driver for Vista doesn't mean having the driver WHQL-ed. All that the driver's author/publisher need to do is sign it himself with his own certificate, that's all.

If you have hardware or software requiring unsigned drivers and want to avoid F8, Up, Up, Enter; the best thing to do is to ask to the publisher to sign his drivers. The whole driver development community knows that since about a year (see for instance "The NT Insider" vol 13 Issue 1 Feb.-March 2006, p. 10-11 & p.30, and Issue 2 March-April 2006 p. 4-5)

ArrowMk84
02-01-07, 10:03 AM
I installed Ultimate x64 last night, and I haven't had to do any of the F8 stuff. When Vista gave me the warning about the drivers, I just told it to install anyway, and it works. Nvidia's and Creative's betas work without issue, and the only problem I've had is that Daemon Tools doesn't remount my virtual drives at startup. So, is this topic about the same thing, or something different?

rewt
02-01-07, 10:51 AM
Signing a driver for Vista doesn't mean having the driver WHQL-ed. All that the driver's author/publisher need to do is sign it himself with his own certificate, that's all.

As I understood it, the author's certificate has to be signed by Microsoft as well, which cost's $$$. Otherwise, what stops any malicious author of malware from signing his own driver and releasing it into the wild?

You can't blame Unwinder (or any other freeware author for that matter) for not wanting to fork out the cash to Microsoft. After all, profit was Microsoft's agenda, not security. It just so happens that charging money to allow driver installation increases security...

Remi
02-01-07, 01:32 PM
As I understood it, the author's certificate has to be signed by Microsoft as well, which cost's $$$. Otherwise, what stops any malicious author of malware from signing his own driver and releasing it into the wild?
Negative, the cross certificates are provided for free. This isn't WHQL, the idea isn't to check anything about the driver, only to be able to identify its author/publisher, so that you know that what runs in your machine's kernel has been written by responsible people (people that you can identify in case of an abuse for instance).

You can't blame Unwinder (or any other freeware author for that matter) for not wanting to fork out the cash to Microsoft. After all, profit was Microsoft's agenda, not security. It just so happens that charging money to allow driver installation increases security...
I don't blame him. I like Rivatuner very much, and I appreciate very much what he's doing for the community. I'm probably the first one who asked him if there was a way to run Rivatuner on Vista! I'm just explaining what is needed in order not to have to do F8, Up, Up, Enter.

There's effectively a downside, which is that he needs a certificate. I'm not sure of the exact situation at the moment, but Microsoft's guys have always been very clear that they wanted a solution which is compatible with open-source softwares, which is in their interest too. So if no 100% free solution exists today, at least a cheap one should exist - or be on the works and near completion.

Remi
02-02-07, 09:09 AM
I installed Ultimate x64 last night, and I haven't had to do any of the F8 stuff. When Vista gave me the warning about the drivers, I just told it to install anyway, and it works. Nvidia's and Creative's betas work without issue, and the only problem I've had is that Daemon Tools doesn't remount my virtual drives at startup. So, is this topic about the same thing, or something different?
Because the only one having to sign is the author/publisher, he can sign everything released, even if it's beta - which is probably why nVidia's and Creative's beta drivers don't require F8. If Daemon Tool's driver isn't signed, then it won't be loaded without F8 and that's probably why you it can't mount drives without F8.

treznorx
02-02-07, 10:59 AM
There is no way to permantly disable driver signing. However with at least graphics drivers if you have a signed driver in place and you upgrade to a unsigned one it works for some reason. This is not true for hte ntune drivers, the ones that support the overclocking functions. And no you cannot just turn off driver signing when you install. YOu must disable it every time you plan on useing the unsigned driver. The driver will be disabled if you rebbot without disabling driver signing.

Remi
02-02-07, 11:12 AM
There is no way to permantly disable driver signing. However with at least graphics drivers if you have a signed driver in place and you upgrade to a unsigned one it works for some reason.
I just want to note that this should not be the case for Kernel drivers on x64, according to Microsoft's own documents.

However, if a driver is composed of a kernel mode part and a user-mode part (as display drivers are in Vista), and if the kernel mode part is signed, I believe it can be accepted by the system even if the user mode part isn't signed. Which means if I'm not mistaken (I haven't tested it) that even a driver not fully signed could work without F8, as long as its kernel mode part is signed.

Hopping this clears things a bit... :)

Rakeesh
02-02-07, 11:46 AM
Not sure about Vista or whether it's the same thing but it's worth a shot, in XP you can open DX dialogue by typing dxdiag in start/run and uncheck "check for WHQL digital signatures" on the bottom left corner of the System tab

Actually that stands for directx diagnostics. And that does not disable signature checking in the OS, rather it tells the dxdiag program to not hash the drivers to check if they are signed. If you leave it on, then dxdiag nags you about installing only signed drivers, or else your system will be unstable or some other kind of fud.

Rakeesh
02-02-07, 11:47 AM
turn uac off then type in bcdedit in command prompt all you need

easier way: start > programs > accessories > right click on command prompt, click run as administrator

When that window pops up, type bcdedit.

rewt
02-02-07, 12:00 PM
Negative, the cross certificates are provided for free.

Oh, I see. So its the valid Authenticode cert that cost mucho $$$, not the actual cross-cert.