The other day I tried to move my Hogmonitor application to my Vista x64 machine, so that I could shut down the XP machine that has been running it. I thought it’d be a nice way to save the power used by running the XP box 24/7, since it is otherwise used infrequently. However, I quickly hit up against a brick wall – Windows Vista 64-bit doesn’t allow you to run drivers that haven’t been digitally signed. Since the Hogmonitor uses the InpOut32 library, which relies on a custom driver, I’m out of luck. InpOut32 even has a 64-bit port, so I could have used it fine on a Windows XP 64-bit machine, and it would work on a 32-bit Vista machine. But on 64-bit Vista, there is no way around driver signing.
I understand why Microsoft chose to require driver signing – it’s to keep home users from messing up their systems with weird drivers. But making signed drivers a requirement on 64-bit only is really weird. Aren’t the 64-bit users going to be the power users? I’d be fine with requiring signing by default if I were allowed to turn it off through Group Policy or something, but as far as I know there’s no way to disable this at all in Vista RTM (in the Betas there was a way to disable it, but it doesn’t work anymore). This is the first thing I’ve hit that I can do with an XP machine that I can’t do with a Vista machine (OK, printing too, but that’s HP’s fault). And I don’t hold out hope for the drivers getting a signature, either – those certificates cost $895! That basically prevents any drivers written by people in their spare time from being used in Vista x64. This includes stuff like InpOut32, overclocker fan and temperature monitors, hardware tweakers, and a host of other goodies.
This is really awful, Microsoft. I want to use my computer’s hardware however I want. And if that involves voiding my warranty by installing unsigned drivers so I can communicate with my hobby-project hedgehog sensor, then let me do that. Don’t make me keep around another computer just so I can use simple hardware.
Tags: 64-bit, Driver Signing, Windows Vista
Entries
You can disable driver signature checks in Vista 64 for a single session by pressing F8 (I think) while booting and selecting the appropriate option
To make this choice permanent, you can use the following command (if the Internet is right):
bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
Unfortunately that command has not worked since the Vista betas.
Try creating a self-signed cert, then use THAT to sign InpOut32. From what I’ve heard, Vista64 won’t let you use drivers that aren’t signed, but it WILL let you use drivers that are self-signed. Apparently, if you try to use drivers that are signed, but not signed by a cert approved by Microsoft, Vista64 will treat them the way Vista32 treats unsigned drivers — you’ll be told they aren’t signed by a trusted authority & asked whether you want to continue… at which point you can say, “use them anyway” and it will do it.
Put another way, Microsoft’s official documentation says that unsigned drivers are rejected by Vista 64, and Microsoft-signed drivers are OK. They’re officially silent about drivers that are signed, but not signed with a cert signed by Microsoft itself. I’m not sure, but there might be an additional step involved where you have to somehow add your cert to the list of those implicitly trusted by Windows. In any case, this will hopefully give you another possible round of leads to explore. :-)