Windows 7 PC Does not boot after disabling driver signature enforcement!

Discussion in 'Windows - General discussion' started by retroborg, Jul 24, 2024.

  1. retroborg

    retroborg Regular member

    Joined:
    Jan 3, 2006
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    26
    Good day,
    I have a Windows 7 Pro 64-Bit, Intel Core 2 Quad Core PC and I encountered the following problem.

    I installed a new Sound BlasterX AE-5 Plus and the latest driver software package AECMDMasterInstaller_3.4.92.00

    But this error came up in the device manager:

    "Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)"

    Though the Sound Blaster will only work properly with the default Windows drivers.

    So I temporary disable driver signature enforcement by booting up and pressing F8 and choosing to Disable driver signature enforcement, but the problem persisted.

    I then disabled driver signature enforcement permanently from the command prompt CMD by typing this command: "bcdedit.exe /set nointegritychecks on" and rebooted.

    But still the drivers were not installed.

    So I re-enabled disable driver signature enforcement from the command prompt CMD by typing this command: "bcdedit.exe /set nointegritychecks off" and rebooted.

    But then some bigger problem was caused!

    Now the PC will not boot and will always go to startup repair mode and try to fix it unsuccessfully.
    And this error message comes up:
    [​IMG]

    The only way to boot and login into Windows is by pressing F8 when booting and choosing to Disable driver signature enforcement.

    I have removed the Sound Blaster card and uninstalled all the recent Sound Blaster Drivers and used CCLEANER to clean the registry, but nothing worked and the problem persists!

    So is there a way to fix this, I'm out of ideas!
    Any help will be highly appreciated!
    Thanks in advance!
     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    Last edited: Jul 24, 2024
  3. retroborg

    retroborg Regular member

    Joined:
    Jan 3, 2006
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    26
    Hi,
    Yes that's what I installed and removed later.

    Now Windows won't even load in safe mode. Only by pressing F8 when booting and choosing to Disable driver signature enforcement will it start.
     
  4. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    when pressing F8, can you select command prompt?
     
  5. ps355528

    ps355528 Active member

    Joined:
    Aug 17, 2010
    Messages:
    1,071
    Likes Received:
    28
    Trophy Points:
    78
    I believe support for DDISABLE_INTEGRITY_CHECKS to be completely removed (there are various windows updates that remove it). The only way to load unsigned drivers on Win7 64bit is if you enable test signing and leave it enabled for as long as you need the drivers.

    Unfortunately you seem to have completely broken something else now.. I don't know that much about windows7.. nearest I have come is server 2k12 (which I run in a vm for a stupid printer)

    There is also this.. which I found somewhere.. and it might just explain what has broken
    """
    Test signing only concerns KMCS, while integrity checks are about the more broad general code integrity (and they would also run on the 32-bit version).

    The long story short is that while the former just takes cares of enforcing the certificate rules, the later is an absolute assload of self-integrity tests, reciprocal checks between the OS loader and the boot manager and last but not least boot files verification.

    It is there that they do partially overlap, but of course there is more than just boot-start drivers (and even there, while surely every properly signed image is still a valid binary too, not all .sys files with a correct checksum will necessarily have a WHQL signature or similar - if at all).

    I'm just unsure on the minutiae of disabling CI. Like, even with that I believe unsigned drivers still wouldn't be allowed (only testsigned ones if any). So, is it just a remnant of some Vista RTM days guide, or was it a requirement for DSEO and friends?
    """
     

Share This Page