Seungweon's Blog

in Portland, Oregon

How to Disable Signature Enforcement during Development & Debug.


During the early stages of development, developers can disable enforcement in Windows so that driver signing is not necessary. The following options are available for developers to disable kernel mode code signing enforcement temporarily so that Windows Vista will load an unsigned driver.


· Attaching a kernel debugger. Attaching an active kernel debugger to the target computer disables the enforcement of kernel mode signatures in Windows Vista and allows the driver to load.
· Using the F8 option. An F8 Advanced Boot Option introduced with Windows Vista—"Disable Driver Signature Enforcement"—is available to disable the kernel-signing enforcement only for the current boot session. This setting does not persist across boot sessions.
· Setting the boot configuration. A boot configuration setting available in the Windows Vista Beta2 release disables the enforcement of kernel mode signatures, and the setting persists across boot sessions.

Windows Vista includes a command-line tool, BCDedit, which can be used to set the option in Windows Vista Beta2 to disable signature checks. To use BCDedit, the user must be a member of the Administrators group on the system and run the command from an elevated command prompt. An elevated command prompt can be launched by creating a desktop shortcut to cmd.exe, and then using right-click and "Run as administrator".
The following shows an example of running BCDedit at the command prompt:

rem Disable enforcement - no signing checks
Bcdedit.exe -set nointegritychecks ON

rem Enable enforcement - signing checks apply
Bcdedit.exe -set nointegritychecks OFF

rem Disabling integrity check on an alternate OS
rem specified by a GUID for the system ID
Bcdedit.exe -set {4518fd64-05f1-11da-b13e-00306e386aee} nointegritychecks ON


Note1: The Bcdedit option to disable integrity checks is only available for loading unsigned drivers on the Windows Vista Beta2 release. For more information, see the BCD Editor FAQ on the MSDN Web site.

Note2: Run these commands at an elevated command prompt and unsigned drivers will run, with no need to press F8 on reboot.

Bcdedit.exe /set TESTSIGNING ON
Bcdedit.exe /set TESTSIGNING OFF

or

bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
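
Because the boot configuration settings above persist across reboots, it is worth checking after a debugging session that none of them is still set. The following Python is an added example, not part of the original post: it looks for the three settings in text laid out like the output of bcdedit /enum, assuming English-language output with Yes/No values, and the sample text is constructed rather than captured from a real system.

```python
import re

# Constructed sample in the layout of English `bcdedit /enum` output.
SAMPLE = """
Windows Boot Manager
--------------------
identifier              {bootmgr}

Windows Boot Loader
-------------------
identifier              {current}
description             Microsoft Windows Vista
loadoptions             DDISABLE_INTEGRITY_CHECKS
nointegritychecks       Yes

Windows Boot Loader
-------------------
identifier              {4518fd64-05f1-11da-b13e-00306e386aee}
testsigning             Yes
"""

def parse_entries(text):
    """Split bcdedit output into one dict of element -> value per boot entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines()[2:]:   # skip the title and dashed rule
            parts = line.split(None, 1)
            if len(parts) == 2:
                fields[parts[0].lower()] = parts[1].strip()
        if "identifier" in fields:
            entries.append(fields)
    return entries

def weakened(entry):
    """Return the settings on this entry that relax driver signature enforcement."""
    hits = []
    for key in ("nointegritychecks", "testsigning"):
        if entry.get(key, "").lower() in ("yes", "on"):
            hits.append(key)
    if "DISABLE_INTEGRITY_CHECKS" in entry.get("loadoptions", "").upper():
        hits.append("loadoptions")
    return hits

def audit(text):
    """Map each boot entry identifier to its enforcement-relaxing settings."""
    return {e["identifier"]: weakened(e) for e in parse_entries(text) if weakened(e)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real machine the input would be the text printed by bcdedit /enum at an elevated command prompt; an empty result means none of the three settings was found.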


source: http://www.vistax64.com/drivers/9351-unsigned-drivers.html
