In Windows Vista or Windows 7 operating system, there is a strict driver signature enforcement policy of requiring Microsoft verified, certified and digitally signed device drivers to be installed. Windows 7 or Vista will verify the digital signature of the drivers of each hardware devices before loading or starting the drivers. User who attemps to load an unsigned drivers will face the nonoperational device or malfunction device.

When an unsigned driver is installed, the device will be listed with an exclamation mark in Device Manager, and user may see the following error message:

Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)

Unsigned Driver Loading Failure

No Digital Signature Unsigned Driver

Other possible errors are:

  • This driver has been blocked from loading.
  • Can not connect to low level driver. Please reinstall The Driver under Local system administrator account or try to start driver manually using “Low Level Driver Installation” shortcut.
  • Can not load low level device driver. Please restart application.
  • Windows failed to start. A recent hardware or software change might be the cause.
  • Error code 0xc0000428.
  • Device driver software not successfully installed.

Device Driver Software Failed to Install

The driver signature enforcement policy is implemented in both 32-bit (x86) and 64-bit (x64) versions of Windows 7 and Windows Vista operating system, although it’s less strict in x86 OS, and in most cases, do allow unsigned drivers to load. The main purpose of the restriction is to enhance stability and reliability of Windows operating system by ensuring all device drivers passed Microsoft’s driver certification and compatibility test.

Previously in pre-SP1 Windows Vista, driver signature enforcement can be easily disabled with “bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS” command or “Ignore code signing for drivers” group policy, but the disable drivers integrity checks options no longer works after Microsoft released new kernel security update.

User who needs to load unsigned driver is not out of options though. Easiest workaround to be able to load unsigned driver in Windows 7 or Windows Vista is by pressing F8 during system startup to display Advanced Boot Options, and select Disable Driver Signature Enforcement, on every boot up. User who feels that it’s troublesome to do so every time system is rebooting, it’s possible to download and install ReadyDriver Plus, which modifies Windows bootloader to automate the pressing of F8 and selection of “Disable Driver Signature Enforcement”.

There is another workaround to load “unsigned” driver in Windows Vista and Windows 7, by signing the driver with a test certificate. Unlike test certificate, digital verified certificates have to be paid for. However, Microsoft provides a “test” mode inside Windows Vista and Windows 7 that will allow developers to test their software and drivers prior to submitting to Microsoft labs. In the test mode, the certificate does not need to be verified, and thus user can use a test certificate to sign the driver software. And the system in test mdoe can load the unverified but test-certificate signed drivers.

The manual process to sign a driver with test certificate is not simple. But there is a tool, by, named Driver Signature Enforcement Overrider (DSEO) that can automate the process to digitally sign a unsigned driver with a test certificate.

Driver Signature Enforcement Overrider

Basically, Driver Signature Enforcement Overrider or DSEO does the following functions:

  1. Enable Test Mode with bcdedit.exe /set TESTSIGNING ON command, a prerequisite to load a test-certificate signed unverified driver.
  2. Sign a system file (including device driver) with test certificate.
  3. Remove “Test Mode” desktop watermark, which is the consequence of enabling “test signing” mode.

Download Driver Signature Enforcement Overrider (DSEO) 1.3a: dseo13b.exe
Download Driver Signature Enforcement Overrider (DSEO) 1.2 (stable version for Windows Vista only): dseo12.exe

Thus, to use DSEO, user has to perform several steps:

  1. Disable User Account Control (UAC).
  2. Select Enable Test Mode and click Next to get a confirmation dialog that Test Mode has been enabled, then click OK to go back to main DSEO window.
  3. Select Sign a System File and click Next, and specify the full path to the system file that wants to be signed.
  4. To remove the “Test Mode” desktop watermark, select Remove Watermarks and click Next to remove desktop watermark, by patching user32.dll.mui file.

If the newly signed driver has been installed, restart the computer and the device drivers or the software will load and run properly, or, install the test-signed drivers or software.

Driver Signature Enforcement Overrider (DSEO) supports both 32-bit and 64-bit editions of Windows Vista, Windows 7 and Windows Server 2008.