Table of Contents
In this article will explain how to disable driver signature enforcement on Windows 11/10. On Windows 11, it is possible to disable “driver signature enforcement” to install unsigned drivers using the Windows Recovery Environment (Win Recovery Environment). The driver signature enforcement is a security feature that restricts the use of drivers to those that have been digitally signed by Microsoft.
It is always recommended to verify the code’s integrity and the publisher’s identity to ensure the package has not been altered. Occasionally, however, it may be necessary to install an older version of a driver from a trusted source, a device that lacks a signed driver from its manufacturer, or to test a custom unsigned driver. Regardless of the reason, Windows 11 provides at least two ways to disable signature enforcement in order to install unsigned drivers using the recovery settings at startup.
If you receive the message Windows requires a Digitally signed driver, this post will show you how to disable Driver Signature enforcement permanently in Windows 11/10/8/7 via Advanced Startup Options or CMD. This will enable the installation of Unsigned Drivers. Driver Signing is the association of a digital signature with a driver package. This guide will teach you how to disable driver signature enforcement on Windows 11/10 to permit the installation of unsigned drivers.
What is driver signature enforcement?
Driver signature enforcement is a Windows security feature that only allows drivers that have been digitally signed by Microsoft to be installed on a Windows computer. This ensures that the drivers are safe to use. If a driver has been digitally signed, you know that it comes from a reliable source and does not contain any malicious code. Occasionally, however, the required driver may lack this digital signature. In this case, driver signature enforcement can be disabled to allow drivers to be installed even if they have not been digitally signed.
However, you should not undertake this action without considering the potential consequences. Unsigned drivers may be obsolete and incompatible with your computer. It may even cause your computer to crash and result in the loss of data. Your computer’s working driver must be a signed driver containing a digital signature. The digital signature is an electronic security token that indicates the publisher of the driver and all relevant information. If someone modifies the original driver package contents, you can determine the differences by comparing the original relevant information.
Why would you want to disable driver signature enforcement?
- Sometimes, it may be necessary to install drivers: that have not been digitally signed by Microsoft or the manufacturer of the hardware. By default, driver signature enforcement prevents the installation of these drivers. Disabling it enables the installation and use of unsigned drivers.
- Compatibility: In some instances, older or custom drivers may not have digital signatures, but they are still required for specific hardware or software to function properly. In such situations, disabling driver signature enforcement can help ensure compatibility.
- During driver development: software developers and hardware manufacturers must frequently test and debug their drivers. Disabling driver signature enforcement enables unrestricted installation and testing of unsigned drivers.
- When users modify or customize their hardware: such as by installing custom firmware or hardware modifications, it may be necessary to install drivers without digital signatures. In these situations, disabling driver signature enforcement is essential.
How to disable driver signature enforcement on Windows 11/10
Use the Local Group Policy Editor
- Windows key plus R will launch the Run dialog box.
- Input gpedit.msc into the text box.
- Double-click Administrative Templates in the User Configuration section of the left-hand navigation pane.
- Double-click Driver Installation to the right of System.
- Double-click Code signing for driver packages next.
- Select Enabled from the menu.
- Select Ignore from the When Windows detects a driver file without a digital signature drop-down menu.
- Click OK to save the modifications.
Use Windows Recovery Environment
- Pressing the Windows key will bring up the Start menu.
- Select the Power icon.
- Hold the Shift key down.
- Select Restart to activate the recovery mode.
- When the operating system enters the recovery environment, select Troubleshoot.
- Next, click More settings.
- Select Startup options from the six listed options.
- Select the Restart icon.
- Enter the BitLocker recovery key when prompted.
- To boot Windows with Driver Signature Enforcement disabled, press F7 or 7.
- Windows 11 will disable the Driver Signature Enforcement feature after the next restart.
- Simply restart the computer to restore the feature.
Risks and Considerations
| Risk/Consideration | Description |
|---|---|
| Risk of Malicious Drivers | Disabling driver signature enforcement allows unsigned or potentially malicious drivers to load, which can compromise system security. |
| Stability Issues | Unsigned drivers may not be well-tested or compatible with the operating system, leading to system instability, crashes, or unexpected behavior. |
| Vulnerability to Exploits | Unsigned drivers can be vulnerable to exploits, making the system susceptible to security breaches and malware infections. |
| Limited Support from OS/Manufacturer | Operating system updates or support may be limited or restricted when driver signature enforcement is disabled, potentially leaving the system vulnerable. |
| Difficult Troubleshooting | Troubleshooting issues with unsigned drivers can be challenging, as they may not be well-documented, and community support may be limited. |
| Incompatibility with Secure Boot | Disabling driver signature enforcement may not be compatible with Secure Boot, reducing the system’s overall security posture. |
Windows 11 vs. Windows 10: Differences in Driver Signature Enforcement
| Feature | Windows 11 | Windows 10 |
|---|---|---|
| Secure Boot Requirements | Requires Secure Boot for TPM 2.0 devices | Requires Secure Boot for UEFI devices |
| Driver Signature Enforcement | Uses only WHQL-signed drivers | Allows both WHQL and unsigned drivers |
| Test Mode | Test mode is available | Test mode is available |
| Advanced Boot Options | No longer accessible via F8 during boot | Accessible via F8 during boot |
| Shift + Restart | Allows disabling driver signature enforcement temporarily | Allows disabling driver signature enforcement temporarily |
| Installation of Unsigned Drivers | Difficult to install unsigned drivers without disabling Secure Boot | Easier to install unsigned drivers by disabling Secure Boot |
Questions and Answers
Driver Signature Enforcement is a security feature that ensures that only signed drivers can load on your system. Note that disabling driver signature enforcement will install drivers that weren’t officially signed. Install only trustworthy drivers.
If a driver is not Microsoft-certified, Windows will not run it on a 32-bit or 64-bit system. This practice is known as “driver signature enforcement” Windows 10 will only load Kernel mode drivers digitally signed by the Developer Portal.
By default, Windows 10 requires driver signatures. This can be disabled to allow installation of unsigned drivers. Follow the steps listed below to disable driver signature enforcement. Click the Start button and then click Settings.