Windows Vista x64 support for unsigned drivers

Microsoft Windows Vista x64 requires the use of signed drivers. The purpose was to prevent any malicious code from running; however, many legitimate applications have unsigned drivers or drivers that have expired. If an unsigned driver exists, you cannot boot into Windows.

Options
There are several options available.

  1. Press F8 while booting into Windows. This is required at each boot. This is more of a workaround than a solution.
  2. Sign your own drivers with your own certificate
    Essentially, Microsoft has provided tools that will allow anyone to create a “test” certificate. To use the “test” certificates, Microsoft Windows Vista offers a command-line utility called bcdedit.exe. More on bcdedit.exe at Microsoft. Here is the command that will permit the use of “test” certificates:
    bcdedit.exe -set TESTSIGNING ON
    I found a great script that made driver signing easy. This script will, with great ease, create, install and apply the “test” certificate to an unsigned or pre-existing driver or executable. You can download this script and all the required utilities as a zip file from Chris J.

    The script and required utilities
    Download: drivercert.zip
    Source

    The contents of drivercert.zip extracted to folder driver sign tool.

    The driver sign tool (drivercert.zip) contains 1.cmd, 2.cmd, certmaker.cmd, and readme.txt, along with driver and tools folders. The driver folder is empty.

    The tools folder contains 2computer.cmd, capicom.dll, certmgr.exe, certmgr.msc, done.txt, makecert.exe, and signtool.exe.

    2computer.cmd

%windir%\System32\bcdedit.exe /set TESTSIGNING ON

done.txt

Congratulations, if cmd.exe lists no warnings and no errors, your driver(s) were successfully signed. Now replace your unsigned driver(s) with the signed driver(s) in the driver folder from the driver sign tool directory. You may need to be in safe mode to do this.

1.cmd

%windir%\System32\bcdedit.exe /set TESTSIGNING ON
tools\makecert.exe -$ individual -r -pe -ss "my Certificates" -n CN="certmaker" "test.cer"
tools\certmgr.exe /add "test.cer" /s /r localMachine root
tools\signtool.exe sign /v /s "my Certificates" /n "certmaker" driver\*.*
tools\signtool.exe verify /pa /v driver\*.*
tools\done.txt

2.cmd

tools\signtool.exe sign /v /s "my Certificates" /n "certmaker" driver\*.*
tools\signtool.exe verify /pa /v driver\*.*
tools\done.txt

certmaker.cmd

@ECHO OFF
CLS
:LOOP
ECHO A. Enter A to create a test certificate and sign your driver(s) with it
ECHO B. Enter B to sign your driver(s) with a test certificate you have already made
ECHO Q. Quit
:: SET /P prompts for input and sets the variable
:: to whatever the user types
SET Choice=
SET /P Choice=Type the letter and press Enter:
:: The syntax in the next line extracts the substring
:: starting at 0 (the beginning) and 1 character long
IF NOT '%Choice%'=='' SET Choice=%Choice:~0,1%
ECHO.
:: /I makes the IF comparison case-insensitive
IF /I '%Choice%'=='A' GOTO ItemA
IF /I '%Choice%'=='a' GOTO ItemA
IF /I '%Choice%'=='B' GOTO ItemB
IF /I '%Choice%'=='b' GOTO ItemB
IF /I '%Choice%'=='Q' GOTO End
IF /I '%Choice%'=='q' GOTO End
ECHO "%Choice%" is not valid. Please try again.
ECHO.
GOTO Loop
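:ItemA
:: CALL is needed so control returns here when 1.cmd finishes;
:: without it the batch file ends and GOTO Again is never reached
CALL 1.cmd
GOTO Again
:ItemB
CALL 2.cmd
GOTO Again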
:Again
PAUSE
CLS
GOTO Loop
:End

readme.txt

To use this file make sure you are logged in with administrative privileges. Caution: the use of test certificates is not compatible with Windows DRM playback. Personally I hate Windows DRM and would never download any media that is DRM encrypted.
-----------------------------------------------------------------------------------------------
To use this file copy any driver files/catalogue files you want to sign in the drivers folder. Then run the file certmaker.cmd by right clicking on it and selecting run as administrator.
-----------------------------------------------------------------------------------------------
To create a certificate and sign your driver(s) with it press A and then enter. If you have already created a certificate and you wish to sign more drivers press B then enter. If you create more than one certificate file with this script you will get an error because the driver sign tool does not know which one to use. If you accidentally create a duplicate certificate go to the tools folder of this directory and open certmgr.msc; this will open the certificate manager. Open the my certificates folder and then the certificates subfolder and delete all the certificates not in use (hint: the oldest certificate is probably the one being used, delete all the others).
-----------------------------------------------------------------------------------------------
You have completed the driver signing. To use your signed driver overwrite the old one with the new one from the driver folder of this directory. You may have to be in safe mode to do this. If you get an error when trying to overwrite the old driver then boot to safe mode. Restart the computer, press F8 as it restarts and select safe mode from the boot options. Then you should be able to overwrite the old driver.
-----------------------------------------------------------------------------------------------
This script creates a copy of the certificate you create in this directory. If the computer you created it on is the only one you are going to use it on you can delete it. But if you want to use this certificate on another computer then you can transfer it and the modified driver to another computer along with the script 2computer.cmd from the tools folder of this directory. On the destination computer run the script 2computer.cmd then right click on the file test.cer and click install. Then overwrite the old driver with the signed one.
-----------------------------------------------------------------------------------------------
This readme and the included scripts were created by Chris J, feel free to modify them if you want.
  3. Disable Integrity Checks (untested)
    I understand that this option most likely will not work on many systems that are fully patched as Microsoft has patched this option out of existence. This is still listed as a viable option as in some rare cases it may still work. Source: Chris123NT
    • Open an elevated command prompt
    • Type bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS (the DD is not a typo).
    • Reboot for the unsigned drivers in Vista x64 to take effect

    Note: I tested option 2 with some success. I was able to sign the driver and replace the unsigned driver with the signed one. I was able to reboot without the dreaded error on boot. However, the screen had “test mode” in all four corners which I found to be annoying. Further, the application that contained the driver did not work with Vista x64. After I uninstalled the application, removed the driver from the system32 folder, and typed the command bcdedit.exe -set TESTSIGNING OFF with a reboot, all was well again.
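
    Options 2 and 3 both leave a persistent setting in the boot configuration, so after reverting it is worth confirming that no boot entry still relaxes driver signature enforcement. The following is an added example, not part of the original post or of Chris J's scripts: it parses the text printed by bcdedit /enum and reports entries with testsigning on or with DISABLE_INTEGRITY_CHECKS in loadoptions. The sample output is constructed, and the parser assumes English-language bcdedit output.

```python
import re
import subprocess

# Constructed sample of `bcdedit /enum` output (not captured from a real machine).
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
loadoptions             DDISABLE_INTEGRITY_CHECKS
testsigning             Yes
"""

def parse_entries(text):
    """Split bcdedit output into {identifier: {setting: value}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s{2,}(.+?)\s*$", line)
        if not m:
            continue  # blank lines, section titles and dashed rules
        key, value = m.group(1).lower(), m.group(2)
        if key == "identifier":
            current = entries.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return entries

def weakened_settings(entries):
    """Return (identifier, finding) pairs for entries that relax driver signature enforcement."""
    findings = []
    for ident, settings in entries.items():
        if settings.get("testsigning", "").lower() == "yes":
            findings.append((ident, "testsigning is on"))
        if "DISABLE_INTEGRITY_CHECKS" in settings.get("loadoptions", "").upper():
            findings.append((ident, "loadoptions disables integrity checks"))
    return findings

def audit(text=None):
    if text is None:  # live mode: run from an elevated prompt on Windows
        text = subprocess.run(["bcdedit", "/enum"], capture_output=True, text=True, check=True).stdout
    return weakened_settings(parse_entries(text))

if __name__ == "__main__":
    for ident, finding in audit(SAMPLE_BCDEDIT):
        print(f"{ident}: {finding}")
```

    Calling audit() with no argument runs bcdedit itself; an empty result means neither setting from this page is present in any boot entry.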