Windows7 boot option to allow unsigned drivers ignored

Question

I'm learning Windows kernel mode driver development. I've written a small test driver that I can successfully register, unregister, load and unload under Windows 7 32bit Ultima edition running under a VM in VirtualBox.

My host is Windows 7 64bit Home Premium edition.

The driver, compiled for 64 bit, will not load under Windows 7 Home edition. I keep getting a rejection noticed that this version of windows does not allow unsigned drivers.

I've tried two things:

1. I've used the F8 boot option to allow unsigned drivers (didn't work)

2. I run a CMD as administrator and execute the following two commands

   bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

   bcdedit.exe -set TESTSIGNING ON

and rebooted. My desktop shows me in "TestMode" but still I get same rejection noticed.

Can anyone help me out here or explain if there is an additional step for Home edition?

----{ update }---- After pouring through tons of MSDN stuff, it would appear my solution lies in self signing the driver I created. The DDK I downloaded does not appear to have the tool chain to do self signing. I've downloaded WinDDK-7600.16385.1. But what is so strange is that my Windows Ultima Edition happily loads my driver if I simply F8 @ boot time and tell it to allow unsigned drivers.

Answer 1

You might try the Driver Signature Enforcement Overrider. It's supported on 64-bit versions of Windows 7, and reports that I've seen confirm that it does indeed work on the "Home Premium" edition.

     

1. Download the application from the link below. Right click on it and choose "Run as administrator". Inside its main menu, press on the “Enable Test Mode” button and follow the instructions on the screen. This will enable TESTSIGNING mode, which allows unverified system files to be loaded.

2. Now all you have to do is to add the unverified signature to the required system files. To do so press on the “Sign a System File” button from the main menu, and enter specific filename including full path. For example: if ATITool64.sys from C:\Windows\System32\drivers refuses to load due to driver signature enforcement, you should type: “C:\Windows\System32\drivers\ATITool64.sys”, and if you would like to sign more than a single file, just repeat this procedure until you’re done, and finally reboot.

After you enabled Test Mode and added signatures to the required system files, they should bypass Windows’s driver signature enforcement and load without any issues. However, if for some reason you are interested to revert it, you can re-launch the application, choose “Disable Test Mode” from the main menu, and reboot. If you encounter issues or having questions, feel free to post it on our forums.

Note: DSEO requires administrative privileges (Run as administrator).

It even allows you to remove the watermark from your desktop!

Answer 2

You do not need to use that tool. Just test sign the driver with your own personal certificate with the signtool in the DDK.