Questions about "unsigned drivers" settings

#1
In EasyBCD-->Advanced Settings->Advanced Tab there is an option

"Allow installation of unsigned drivers on 64bit Windows"

1.) If I check this option will it be permanent (=beyond the next reboot) ?

2.) How can I check from cmdline (with bcdedit) if this option is currently enabled or not?

3.) Does

bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS

mean exactly the same as the option in EasyBCD or is there a difference?

4.) As I read it is recommended that the user enters

bcdedit -set TESTSIGNING ON

always after disabling integrity check. Is this really always required?
What If I omit this second command?

5.) Is there a corresponding chekcbos in EasyBCD for

bcdedit -set TESTSIGNING ON/OFF

?
Thank you
Peter
 

mqudsi

Mostly Harmless
Staff member
#2
Hi Peter,

Welcome to NeoSmart Technologies.

EasyBCD's unsigned drivers mode is sticky, and will not be reset on reboot. You can always check if it's still set by launching EasyBCD and looking at the checkbox state in Advanced Options.

EasyBCD is indeed identical to DISABLE_INTEGRITY_CHECKS

But, note that this does NOT allow unsigned kernel drivers. Nothing can at this point allow unsigned kernel drivers.

TESTSIGNING is the workaround. You do NOT need to set it to use D_I_C, they are completely unrelated. TESTSIGNING means you can personally sign the drivers you want to use with your own certificate. There is no checkbox for TESTSIGNING in EasyBCD.
 
#3
Check this resource:

http://www.freeotfe.org/docs/Main/impact_of_kernel_driver_signing.htm



And btw easyBCD setting is just a GUI for a BCEDIT command and this command has been
rendered practically useless for nearly 3 years now, due to the fact that MS has various hotfixes and Servicepacks
that render ddisable_integrity_checks in bootoader ineffective.

You can either hit F8 at boot and turn the checks off manually every time,use ready driver plus to do that for you, or you run windows
in test mode with watermarks on your screen. All these methods are far from perfect. Blame MS for crippling my mouse polling
rate to 125 hz and having me to undertake this balloney to improve my mouse rate.

It would be a nice thing if EASYBCD would state this problem with a little ballon message when selecting
that option..could have saved me precious time when i tried to find out why my setting was being ignored
by Windows 7 x64...i dont see a sticky about this issue either. Not good.
 

Mak 2.0

Mod...WAFFLES!?!?
Staff member
#4
It would be a nice thing if EASYBCD would state this problem with a little ballon message when selecting
that option..could have saved me precious time when i tried to find out why my setting was being ignored
by Windows 7 x64...i dont see a sticky about this issue either. Not good.
Considering that the settings for Unsigned Drivers is under Advanced Settings and even further under the Developer Tab, one would be safe to assume that a person would know exactly what that setting would do if it was checked. A person should not be checking boxes and going into a Developer Tab in Advanced mode if they do not know or understand what changing these settings might do. That is not a problem with the program itself but with people not knowing what they are doing and instead of asking quetions, getting jumpy and check the box without full understanding. I fail to see this as a problem nor as something that should be in the Wiki or Stickied about. If you dont know what it does, you shouldnt be messing with it. Really simple to understand if you ask me.