Driver Signing in Windows

Windows Vista x64

One of the well-known problems of 64-bit versions of Windows Vista and later operating systems is the driver signature enforcement. Basically, 64-bit Windows Vista will not load a driver without a valid Authenticode signature (one-year certificate costs ~500$, according to VeriSign). While providing a reliable way of verifying the origin of a driver, it creates problems for free kernel-mode software. The best workaround for this problem is using the test signing mode. When a system is booted in "testsigning" mode, any driver having a digital signature (even not approved by Microsoft), can be successfully loaded by the system.

SysProgs software, such as WinCDEmu, requiring testsigning mode on 64-bit Vista and later operating systems, enables test signing mode during installation. However, you can always enable this mode manually by selecting Start->All Programs->Accessories->Command Prompt, right-clicking on it, selecting "Run as administrator" and typing the following command:

bcdedit -set TESTSIGNING ON

To disable testsigning mode, you need to run the following command:

bcdedit -set TESTSIGNING OFF

Note that you will need to restart your computer for this change to take effect.

Important notice

If you want to help SysProgs releasing free signed versions of all programs, please make a donation. Read more here.

Windows XP

You can get rid of the 'unsigned driver' warning in Windows XP while installing SysProgs software by importing the SysProgs.org certificate to the trusted root certificates folder:

  1. Select the installer (for example, WinCDEmu installer) in Explorer, right-click on it and select "Properties".

  2. Select the "Digital Signatures" page.

  3. Select the SysProgs.org signature and press "Details".

  4. Press "View Certificate" button.

  5. Press the "Install Certificate" button.

  6. Press "Next", select "Place all certificates in the following store", press "Browse" and select "Trusted Root Certification Authorities"

  7. Press "Next", then "Finish".

During certificate installation you will be prompted to verify that the certificate actually represents SysProgs.org. To do so, compare the SHA1 thumbprint with the one on the screenshot:

Note that this will install the SysProgs.org certificate as a trusted root certificate, recognizing all SysProgs software as signed and verified. If you want only the software signed by Microsoft and its partners to be considered 'verified', do not install SysProgs.org certificate.