Windows cannot verify the digital signature for the drivers required for this device

5

2

I run Windows 7 64-Bit and I have a USB Device with a 64-Bit Driver, but no signature. It has a device manager entry with a yellow exclamation mark and this warning:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

I tried to use both gpedit.msc to set Code Signing to ignore, and I used EasyBCD to set the DDISABLE_INTEGRITY_CHECKS value, but both options don't help, the device still does not work.

Is there a way to really disable this signature nonsense somehow?

Michael Stum

Posted 2010-01-23T04:56:01.817

Reputation: 3 061

Answers

9

Unfortunately there isn't much you can do at this point. Driver signing is required (no matter what group policy options you pick) for 64-bit Windows. In fact, if I remember right it was like this back when XP 64-bit edition was released. Your best bet is to contact the company of the device and ask them for signed drivers.

I worked around this by signing them myself. To do that I had my own Certificate Authority on my domain issue a code signing certificate that I then used to sign the drivers. While my solution used Windows Server you should be able to do something with openssl and the like. You just need to trust the root signing certificate to make it work.

Obviously with all the work involved with #2 you really should see if you can get your hands on signed drivers!

Lastly, to make sure it is a signed driver issue, reboot your machine and press F8 before Windows 7 boots and select Disable driver signing and see if your device works. If it doesn't, you have another (unknown at this time) issue.

Joshua

Posted 2010-01-23T04:56:01.817

Reputation: 4 434

Thanks! I know how to generate a cert, but how do we sign the driver? – Jason Kleban – 2012-10-07T22:26:39.103

2

@uosɐſ: You'll need to download the Windows Driver Kit to sign the drivers. You'll need to sign the driver itself and create a catalog based on its inf and sign that as well. See Requirements for Device Driver Signing and Staging and Steps for Signing a Device Driver Package for more information. The note about kernel drivers and 64-bit only apply to boot time drivers. If your driver is a boot time driver you'll need to get an approved cert from Microsoft.

– Joshua – 2012-10-08T14:05:22.550

Asked: 2010-01-23T04:56:01.817

Viewed: 14 461 times

Active: 2015-10-27T10:08:47.540