4 Ways To Disable Driver Signature Enforcement In Windows

Key Points

  • To disable driver signature enforcement, hold down Shift, click Start, and then click Restart. In the Windows Recovery Environment, go to Troubleshoot > Advanced options > Startup settings > Restart. Select “Disable driver signature enforcement” (option 7).
  • To disable driver signature enforcement from Command Prompt, run the command “bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS”, and then run “bcdedit.exe -set TESTSIGNING ON”.

A digital signature ensures the authenticity of an electronic product. For example, a driver that is digitally signed by Microsoft lets the Windows operating system know that the driver is authentic and safe to install on the computer.

If you try installing an unsigned driver, by default, the Windows OS shows the following error message:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

That said, you may need to occasionally install an unsigned driver to get certain hardware running. At this point, you will need to disable the driver signature enforcement feature of Windows so that the OS allows the driver to be installed.

This guide discusses 4 step-by-step methods to disable driver signature enforcement on Windows 11 and 10, so you can install the driver of your choice. But before you do, know whether you should or not.

What is driver signature?

Windows uses Driver Digital Signatures to verify the legitimacy of device drivers. Microsoft requires hardware vendors to verify their drivers before they can be installed on Windows. If a driver is not verified, Windows displays the error message shown above.

Microsoft charges third-party vendors a fee to have their drivers signed for installation on the Windows OS. Since Driver Digital Signature is a paid service from Microsoft, small vendors do not get their device drivers verified. This is especially the case for USB drivers. In this case, you may need to disable the feature.

Is it safe to disable driver signature enforcement?

As a Windows security feature, driver signature enforcement only permits the installation of drivers that Microsoft has digitally signed as safe to use. Ideally, an unsigned driver should not be installed on a computer. An unsigned driver means that the authenticity of the software is unknown, and hence it may contain a virus or a malicious piece of code.

In short, it is only safe to disable driver signature enforcement as long as the software you install is malware-free. Otherwise, the consequences of disabling the feature could turn fatal for the operating system, as well as your data and the devices on your network.

If you still have to, you can disable driver signature enforcement using any one of the following methods.

Disable driver signature enforcement from Windows Recovery Environment (Settings)

One method to disable the driver signature enforcement on Windows is through the Settings app, which then reboots the computer into the Windows Recovery Environment (WinRE). The WinRE is a pre-boot environment in Windows that allows you to boot into safe mode and perform other troubleshooting tasks.

Perform the following steps to disable driver signature enforcement from the Settings app:

  1. Press the Windows Key + i to open the Settings app.

  2. Go to System > Recovery.

  3. Click “Restart now” next to “Advanced startup.”

    Restart into Advanced Startup
  4. When asked for confirmation, click “Restart now” again.

    Confirm restart

    The computer will now boot into the Windows Recovery Environment.

  5. Click Troubleshoot.

    Select Troubleshoot from WinRE
  6. Now click “Advanced options.”

  7. Now click “Startup settings.”

  8. Click Restart.

    Restart the computer

    The device will now restart again. This time, you will be presented with a list of options you can choose from by using the function keys on the keyboard (F1-F9).

  9. Press the key that says “Disable driver signature enforcement” (F7).

    Disable driver signature enforcement

This procedure to disable driver signature enforcement is the same for all versions of Windows, including Windows 7, Windows 8/8.1, Windows 10, and Windows 11.

Disable driver signature enforcement using Group Policy

You can also disable the driver signature enforcement using Group Policy. Here is how:

  1. Press the Windows Key + R to open the Run Command box.

  2. Type in “gpedit.msc” and press Enter to open the Group Policy Editor.

  3. Navigate to the following path from the left pane:

    Local Computer Policy > User Configuration > Administrative Templates > System > Driver Installation
  4. Double-click the policy “Code signing for driver packages” on the right.

    Open the Code signing for driver packages policy
  5. Select Enabled and then select Warn from the drop-down menu in the Options section.

    Disable the driver signature enforcement using Group Policy
  6. Click Apply and OK.

  7. Now run the following command in an elevated Command Prompt:

    GPUpdate /Force
    Enforce group policy updates

The driver signature enforcement will now be disabled and you may continue to install the unsigned driver without hindrance.

Disable driver signature enforcement from Command Prompt

If you are familiar with the Windows command line, then you could even use the Command Prompt to disable driver signature enforcement. Here is how:

  1. Press the Windows Key + R to open the Run Command box.

  2. Type in “cmd” and press CTRL + Shift + Enter to run Command Prompt with administrative rights.

  3. Now execute the following commands one after the other:

    bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
    bcdedit.exe -set TESTSIGNING ON
    Disable signature enforcement from Command Prompt
  4. Restart the computer for the changes to take effect.

Note: You may see the following error when running these commands. If so, use any of the other 3 methods to disable driver signature enforcement:

An error has occurred setting the element data. The value is protected by Secure Boot policy and cannot be modified or deleted.
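
The following check is an added example, not part of the original article: it parses `bcdedit` output and reports whether the two settings changed by the commands above are still in effect, so they are not left on after the driver is installed. The helper name `Get-DseBootState` and the sample output are constructed for illustration, and English `bcdedit` output is assumed.

```powershell
# Added example, not from the original article. Get-DseBootState is a
# hypothetical helper name; English bcdedit output is assumed.
function Get-DseBootState {
    param(
        # Lines of "bcdedit.exe /enum {current}" output.
        [Parameter(Mandatory)][string[]]$BcdText
    )
    $found = @{}
    foreach ($line in $BcdText) {
        # Element lines look like "testsigning             Yes".
        if ($line -match '^(testsigning|nointegritychecks|loadoptions)\s+(.+?)\s*$') {
            $found[$Matches[1]] = $Matches[2]
        }
    }
    $testSigning = $found['testsigning'] -eq 'Yes'
    $noIntegrity = ($found['nointegritychecks'] -eq 'Yes') -or
                   ($found['loadoptions'] -match 'DISABLE_INTEGRITY_CHECKS')
    [pscustomobject]@{
        TestSigning        = $testSigning
        IntegrityChecksOff = $noIntegrity
        LoadOptions        = $found['loadoptions']
        NeedsRevert        = $testSigning -or $noIntegrity
    }
}

# Constructed sample: the boot entry after both commands above were run.
$sample = @'
Windows Boot Loader
-------------------
identifier              {current}
description             Windows 11
loadoptions             DISABLE_INTEGRITY_CHECKS
testsigning             Yes
nx                      OptIn
'@ -split "`r?`n"

Get-DseBootState -BcdText $sample | Format-List

# On a live system, from an elevated PowerShell prompt:
#   Get-DseBootState -BcdText (bcdedit.exe /enum '{current}')
#   Confirm-SecureBootUEFI    # True when Secure Boot is enabled
# To undo the two commands from this section, then restart:
#   bcdedit.exe -deletevalue loadoptions
#   bcdedit.exe -set TESTSIGNING OFF
```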

Disable driver signature enforcement using Advanced Boot menu

Another method to disable driver signature enforcement is using the Advanced Boot menu, which appears before the Windows OS is loaded. This method is very similar to the WinRE/Settings app method discussed above.

  1. Start by restarting the computer.

  2. As soon as the computer starts up, press the F8 function key (or the key specific to your computer manufacturer/model) and boot into the Advanced Boot menu.

  3. Use the arrow keys to highlight/select “Disable Driver Signature Enforcement” and press Enter.

    Disable the driver signature enforcement using Advanced Boot options

The computer will now restart and boot normally, and you should be able to install unsigned drivers easily.

Conclusion

This post gives a step-by-step guide on how to disable the Windows driver signature enforcement. Although it is enabled by default for your safety and that of your device, you may need to disable it, if absolutely necessary, to install drivers that are not signed.

As we mentioned earlier, unsigned drivers are potential risks that could contain malware and unwanted code. Therefore, if you do disable driver signature enforcement, we recommend that you re-enable it when you are done installing the driver.

To re-enable driver signature enforcement, you need to perform any of the 4 methods above, and the option to enable it should be available.

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).
