Share via

Signing a kernel mode driver

Giuseppe Lorenzi 1 Reputation point
2021-10-21T16:52:18.6+00:00

We are a company that develops custom data acquisition and control systems.
Sometimes changing the driver to communicate with a USB device is also required to meet customer specifications.
Until last year through the certificate purchased from DIGICERT I was able to sign the driver before delivering it to the customer.

Now with the new signing policy I can no longer sign the drivers.
It doesn't matter that the driver is published through Windows Update as I install it directly on the customer's PC.
I cannot disable driver signature verification as the PC is connected to a corporate domain and the administrator does not allow it.

How can I go about signing the driver inside without having to send it to Microsoft for signature?
Furthermore, the Microsoft signing process takes time and a high cost.
Thanks.

Windows for business | Windows Client for IT Pros | Devices and deployment | Other
Windows for business | Windows Server | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Emanuel Andreescu 6 Reputation points
    2021-10-22T12:49:06.837+00:00

    CIao Giuseppe,

    If you don't have the required administrative access to perform in an elevated CMD the command which disable the driver signature enforcement:
    bcdedit /set testsigning off

    You can try to disable it at boot through Advanced Boot Option which can start windows without signature enforcement
    Beside that take in account that disabling the enforcement could lead to possible security exposure if is a permanent solution

    Reference for the steps:
    https://www.howtogeek.com/167723/how-to-disable-driver-signature-verification-on-64-bit-windows-8.1-so-that-you-can-install-unsigned-drivers/

    Best Regards,
    Emanuel

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.