Share via

Permanently disable driver signature enforcement for specified drivers

Charles Himmel 0 Reputation points
2026-06-07T02:58:06.3866667+00:00

I have 2 pieces of hardware with old drivers that now only work when I disable driver signature enforcement. Doing this every time with a restart is annoying, and permanently disabling it creates security risks. Is there a way I can just tell windows that these 2 drivers are safe? Please?

Windows for home | Windows 10 | Devices and drivers
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 238.3K Reputation points Independent Advisor
    2026-06-07T03:40:08.8466667+00:00

    Unfortunately, Windows does not have a normal “trust only these two unsigned kernel drivers” option.

    For 64-bit Windows, kernel-mode drivers generally must be properly signed. Microsoft’s driver-signing rules apply at the kernel level, and the common bypass methods, such as Disable driver signature enforcement, test-signing mode, or no integrity checks, are system-wide, not per-driver.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

  2. AI answer

    2026-06-07T02:58:16.64+00:00

    Windows cannot be configured to “trust” specific unsigned kernel‑mode drivers while keeping driver signature enforcement enabled for everything else. On 64‑bit Windows (including Windows 11), kernel‑mode drivers must be signed to load when signature enforcement is on.

    To avoid turning off enforcement globally at every boot, the supported options are:

    1. Test‑sign the drivers
      • During development or for non‑production use, the drivers can be test‑signed and installed on a system that is in test‑signing mode.
      • This is the recommended approach for ongoing use of non‑production drivers instead of repeatedly disabling enforcement.
      • See the guidance on how to test‑sign a driver package. Once test‑signed, the drivers can load without using F8 each time, as long as the system is configured for test‑signed drivers.
    2. Use F8 “Disable Driver Signature Enforcement” (session only)
      • Press F8 at boot and choose Disable Driver Signature Enforcement.
      • This disables load‑time signature enforcement only for that boot session and must be repeated after every restart.
    3. Attach a kernel debugger (development/test only)
      • Attaching an active kernel debugger and enabling kernel debugging with bcdedit -debug on disables load‑time signature enforcement for kernel‑mode drivers on that machine while debugging is active.
      • This is intended for driver development and testing, not for normal daily use.

    For production use on Windows 10, version 1607 and later (including Windows 11), new kernel‑mode drivers must be signed via the Windows Hardware Dev Center (Dev Portal). Cross‑signed or unsigned kernel‑mode drivers are not supported except in specific legacy or Secure Boot–off scenarios.

    There is no supported mechanism in Windows to mark individual unsigned kernel‑mode drivers as “safe” while keeping Memory Integrity / core isolation and driver signature enforcement enabled for the rest of the system. The long‑term solution is to obtain properly signed drivers (from the hardware vendor or via the Dev Center) or replace the hardware with devices that have supported, signed drivers.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.