Driver Signing is the process of associating a digital signature with a driver package. Windows device installations use digital signatures to verify the integrity of the driver packages and to verify the identity of the vendor who provides the driver packages. The drivers you normally install on your computer from Windows Update, Original Equipment Manufacturers or some 3th-party driver download software, etc. must be digitally verified by Microsoft via a digital signature. It is an electronic security mark that certifies the publisher for the driver, as well as all the relevant information related to it. If a driver isn’t certified by Microsoft, Window won’t run them on either 32-bit or 64-bit system. This is referred to as “driver signature enforcement”. Windows 11/10 will load only Kernel mode drivers signed digitally by the Dev Portal. However, the changes will affect only the new installations of the operating system with Secure Boot on. The non-upgraded fresh installations would require drivers signed by Microsoft.
Windows requires a digitally signed driver
The error means the driver you are trying to install or update hasn’t been digitally signed by the issuing authority. Thus you wouldn’t be able to use it. The solutions to this problem are as follows:
1] Update the drivers from the manufacturer’s website
The reason you face this problem at the first place is that you might have downloaded the drivers from an external media or the drivers weren’t updated in a while, and the issuing authority changed its policies. The best resolution, in this case, could be to download the latest drivers from the manufacturer’s website itself and install them. If this doesn’t work, the only option you would have is to disable the driver signing or its recognition in Windows 10. However, this isn’t recommended so proceed with it only if you think you need to use the affected hardware. Read: How to identify unsigned drivers using sigverif utility.
2] Disable driver signing through the group policy editor
To disable Driver Signature enforcement, press Win + R to open the Run window and type the command gpedit.msc. Press Enter to open the Group Policy Editor. Navigate to the following path: On the right-pane, double-click on the entry Code signing for device drivers to open its properties. This setting determines how the system responds when a user tries to install device driver files that are not digitally signed. It establishes the least secure response permitted on the systems of users in the group. Users can use System in Control Panel to select a more secure setting, but when this setting is enabled, the system does not implement any setting less secure than the one the setting established. When you enable this setting, use the drop-down box to specify the desired response.
“Ignore” directs the system to proceed with the installation even if it includes unsigned files.“Warn” notifies the user that files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned files to be installed. “Warn” is the default.“Block” directs the system to refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed.
To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.
Select the radio button as Enabled for this policy. Select Ignore from the dialogue box for When Windows detects a file without drivers.
Click on OK to save the settings and restart the system. This will make the warning go away. But you have to remember that this makes your system ‘less secure’. Related posts: