To disable KMCS in Windows 7 64 bit, What is the difference between
- bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
- bcdedit.exe -set TESTSIGNING ON
Are both necessary or either one to load unsigned drivers?
Thanks for your help - Daniel
Windows 7: What is the difference between turning testsigning on and disabling integrity check
9.7k Views Asked by Daniel Yaacov At
5
There are 5 best solutions below
3
On
I believe support for DDISABLE_INTEGRITY_CHECKS to be completely removed (there are various windows updates that remove it). The only way to load unsigned drivers on Win7 64bit is if you enable test signing and leave it enabled for as long as you need the drivers.
0
On
According to the offical documentation, nointegritychecks command is ignored by Windows 7 and Windows 8:
nointegritychecks [ on | off ]
Disables integrity checks. Cannot be set when secure boot is enabled. This value is ignored by Windows 7 and Windows 8.
Since /set nointegritychecks on is an alias to -set loadoptions DDISABLE_INTEGRITY_CHECKS, I make an assumption that this command is obsoleted and no longer works.
So the answer to your question would be that only bcdedit.exe -set TESTSIGNING ON makes any sense in Windows 7 64 bit. It switches Windows to the "Test Mode" and adds a watermark at the bottom right corner of the desktop.
0
On
- You disable common mode Windows 7 starts.
- You give an alternative to common mode.
- You need both lines. Many times you cannot obtain authentic identity after you are part of Windows system/your IP provider. so start in safe mode and write commands. Keep in mind before any try: unistall Java from system. If anyway it does not work, activate guest account and try install your device there. It will show in your common account next time you log in. Good luck!
1
On
NO they still work. I always run them both. after reboot will see your OS version and test mode in bottom rt corner. can also use compatibility mode to try to force or use unsigned drivers and try under an older OS (typically works best with xp sp 3 compat mode. I have been running them in all OS, Win 7, Win 8.1, Win 10 and Win Server 2012r2. You can take a look at your bcd entries and they will be listed there also.
Test signing only concerns KMCS, while integrity checks are about the more broad general code integrity (and they would also run on the 32-bit version).
The long story short is that while the former just takes cares of enforcing the certificate rules, the later is an absolute assload of self-integrity tests, reciprocal checks between the OS loader and the boot manager and last but not least boot files verification.
It is there that they do partially overlap, but of course there is more than just boot-start drivers (and even there, while surely every properly signed image is still a valid binary too, not all .sys files with a correct checksum will necessarily have a WHQL signature or similar - if at all).
I'm just unsure on the minutiae of disabling CI. Like, even with that I believe unsigned drivers still wouldn't be allowed (only testsigned ones if any). So, is it just a remnant of some Vista RTM days guide, or was it a requirement for DSEO and friends?