1

Topic: To include Security Boot for Win 10

Now I alter the driver for the last versions 10 of Windows and I can not adjust the computer under them in any way, . that the Windows did not load the driver with SHA1. For this purpose I come in  I transport it in pure UEFI and I include option Security Boot. I overload a computer - all remains on former, all old the driver are loaded. I load msinfo32 and I see  it is installed in UEFI, and the mode of safe loading is disconnected, why? The Windows cost last, 1703.

2

Re: To include Security Boot for Win 10

Hello, Vicul, you wrote: V> Now I alter the driver for the last versions 10 of Windows and I can not adjust the computer under them in any way, V> . that the Windows did not load the driver with SHA1. As the variant - can be used Hyper-V the last versions (with Generation-2), it supports Secure Boot for virtual machines. V> for this purpose I come in  I transport it in pure UEFI and I include option Security Boot. V> I Overload a computer - all remains on former, all old the driver are loaded. The system should be installed on GPT-undressed in mode UEFI. And the video-card should support Graphics Output Protocol (GOP), differently quits nothing. For example, at me Secure Boot on Windows 10 earned only after I changed the videocard with GeForce 210 on GeForce GTX 750ti.

3

Re: To include Security Boot for Win 10

Hello, okman, you wrote: O> the System should be installed on GPT-undressed in mode UEFI. O> And the video-card should support Graphics Output Protocol (GOP), differently quits nothing. By the way, and a reverse variant - to disconnect Secure Boot after the system was installed and booted in it, how much difficult? The last my notebook went with ten, installed in UEFI, but I took down it and delivered the seven which from UEFI is not present any I pound, therefore switched BIOS in a normal mode of loading, and the section made MBR, therefore to check up there is nothing. It will be necessary   with Secure Boot - under VMware Workstation 12 it like as should work. And still a question: the unsigned drivers installed by reboot with switch-off of check of signatures, in Secure Boot boot? Or boot only valuably signed?

4

Re: To include Security Boot for Win 10

I eat> By the way, and a reverse variant - to disconnect Secure Boot after the system was installed and booted in it, how much difficult? At me users simply disconnected this option in  and all. I eat> It will be necessary   with Secure Boot - under VMware Workstation 12 it like as should work. I did not find this option there I eat> And still a question: the unsigned drivers installed by reboot with switch-off of check of signatures, in Secure Boot boot? Or boot only valuably signed? The driver all boot, but boot unsigned, they are visible in a device the manager, but programs them do not see.

5

Re: To include Security Boot for Win 10

O> And the video-card should support Graphics Output Protocol (GOP), differently quits nothing. And how to define, what I  supports ? At me GTX-650?

6

Re: To include Security Boot for Win 10

Hello, Vicul, you wrote: I eat>> under VMware Workstation 12 it like as should work. V> I did not find this option there "Boot with EFI instead of BIOS" in Options/Advanced. V> the driver all boot, but boot unsigned, they are visible in a device the manager, but programs them do not see. Did not understand. If the driver boots - it cannot be "invisible" (if, of course, it does not want).

7

Re: To include Security Boot for Win 10

I eat> did not understand. If the driver boots - it cannot be "invisible" (if, of course, it does not want). Here the driver with the old signature from switched on Sekuriti  an option after loading in programs users it do not see

8

Re: To include Security Boot for Win 10

Hello, Vicul, you wrote: V> here the driver with the old signature from switched on Sekuriti  an option after loading V> Image: file.php And it is not loaded. V> in programs users it do not see It is no wonder.

9

Re: To include Security Boot for Win 10

Hello, Evgenie Muzychenko, you wrote: I eat> Hello, okman, you wrote: O>> the System should be installed on GPT-undressed in mode UEFI. O>> And the video-card should support Graphics Output Protocol (GOP), differently quits nothing. I eat> By the way, and a reverse variant - to disconnect Secure Boot after the system was installed and booted in it, how much difficult? Completely not difficult. Simply you come in BIOS and you disconnect. In Hyper-V too becomes one tick in adjustments. I eat> the Last my notebook went with ten, installed in UEFI, but I took down it and delivered the seven which from UEFI is not present any I pound, therefore switched BIOS in a normal mode of loading, and the section made MBR, therefore to check up there is nothing. It will be necessary   with Secure Boot - under VMware Workstation 12 it like as should work. VMWare supports loading in mode EFI, but Secure Boot there is not present. I eat> And still a question: The unsigned drivers installed by reboot with switch-off of check of signatures, in Secure Boot boot? Or boot only valuably signed? How much I remember, when Secure Boot is included to disconnect check of sign-code signatures it is impossible.

10

Re: To include Security Boot for Win 10

Hello, Vicul, you wrote: V> And how to define, what I  supports ? At me GTX-650? Most likely, does not support. I read at forums GeForce that support GOP appeared only in 700th and 900 series. Here the incomplete list: GT-730 GT740/745 GTX750/750ti GTX950 GTX960 GTX970 GTX980 GTX980ti

11

Re: To include Security Boot for Win 10

Hello, okman, you wrote: O> VMWare supports loading in mode EFI, but Secure Boot there is not present. Yes, it is supported with Virtual Hardware 13. The last version WS - 12.x, so while only in server variants. In WS 13, most likely, earns. O> how much I remember, when Secure Boot is included to disconnect check of sign-code signatures it is impossible. I about that at disconnected SB to boot with the disconnected check of signatures to deliver unsigned driver, and what for to include SB.

12

Re: To include Security Boot for Win 10

Hello, Evgenie Muzychenko, you wrote: I eat> about that at disconnected SB to boot with the disconnected check of signatures, to deliver unsigned driver, and what for to include SB. And what it gives? Switch-off of check of sign-code signatures operates only before the following loading. The driver will be delivered. But then the system will be rebooted with Secure Boot, sign-code signatures are again activated. And the driver will not be loaded...

13

Re: To include Security Boot for Win 10

O> Most likely, does not support. O> I read at forums GeForce that support GOP appeared only in 700th and 900 series. Strange, delivered the utility gpu-z it shows that support uefi is. For this purpose it is necessary to include in  here is how time Security Boot. It ? The second card built in by video can (the Intel hd 4600) spoils all? But it to what is not connected. It, by the way too supports uefi

14

Re: To include Security Boot for Win 10

Hello, Vicul, you wrote: V> it is strange, delivered the utility gpu-z it shows that support uefi is. For this purpose it is necessary to include in  here is how time Security Boot. It ? Apparently, support GOP also means operation possibility in mode UEFI. But I all the same doubt that on GTX-650 it will be got. On EVGA and other forums repeatedly read that GOP/UEFI normally works only on GeForce series 700 (if to be exact - 740) and above and on 900 and above. Also check up that at you the system meets the remaining requirements. I.e. it 64-bit, is installed on GPT-undressed in mode UEFI, in BIOS is ungeared SCM etc. At me, for example, when I include Secure Boot in BIOS, to me suggest to disconnect SCM and to look, in what it results. I.e. ' Save settings and exit ', then the computer again turnes on and there it is already visible, earned Secure Boot or not. While I did not change the GeForce 210 on GeForce GTX 750ti, worked nothing also any dances with a tambourine did not help. V> the second card built in by video can (the Intel hd 4600) spoils all? But it to what is not connected. It, by the way too supports uefi Try  all superfluous. For example, in turn both videos of a card (if it is possible).

15

Re: To include Security Boot for Win 10

Hello, okman, you wrote: O> Switch-off of check of sign-code signatures operates only before the following loading. Somewhere read that, at presence at the driver.cat, signed by the self-made certificate, it is possible to deliver this business at loading with the forbidden check of the signature, and then the driver will boot and in a normal mode, but did not check it. Now in the seven checked up - not . And if the self-made certificate by which it is signed.cat, in ten is installed in TrustedRoot - at Secure Boot it rolls? In a normal mode - yes.

16

Re: To include Security Boot for Win 10

Hello, Evgenie Muzychenko, you wrote: I eat>... I eat> And if the self-made certificate by which it is signed.cat, in ten is installed in TrustedRoot - at Secure Boot it rolls? In a normal mode - yes. With self-made not . Without variants. I.e. to become it, maybe, and becomes, but will not boot.

17

Re: To include Security Boot for Win 10

Hello, Evgenie Muzychenko, you wrote: I eat> Somewhere read that, at presence at the driver.cat, signed by the self-made certificate, it is possible to deliver this business at loading with the forbidden check of the signature, and then the driver will boot and in a normal mode, but did not check it. Now in the seven checked up - not . I eat> And if the self-made certificate by which it is signed.cat, in ten is installed in TrustedRoot - at Secure Boot it rolls? In a normal mode - yes. Sorry, whether correctly I understood, what possibility of loading of the self-signed drivers without switching-on of a test mode (in the absence of Secure Boot) affirms? How much I remember, in 64-bit Windows it was impossible any shifts, including  the certificate in storage. The Driver is put, but refuses to be loaded. At least, in Whist and the seven so was, when I checked it.

18

Re: To include Security Boot for Win 10

Hello, CaptainFlint, you wrote: whether CF> correctly I understood, what possibility of loading of the self-signed drivers without switching-on of a test mode (in the absence of Secure Boot) affirms? How much I remember, in 64-bit Windows it was impossible any shifts, including  the certificate in storage. This business works somehow very strange. The majority of sys-files native  drivers is not signed - are signed only them cat/inf. If for any device to make the inf, referring on native  the driver (for example, usbser or winusb) - the driver does not boot with the complaint to the untestable signature. But if to sign this cat the self-made certificate which to push in Trusted Root - the driver perfectly boots even in the last tens. I did thus cat/inf for loaders of phones on Mediatek (the driver usbser). Now tried to install thus the driver which is not present in a standard set of Windows - it is not loaded. Whether that bungled, whether for native drivers any facilitated check but then it is not clear why they are not loaded through inf without signed cat is provided.

19

Re: To include Security Boot for Win 10

Hello, Evgenie Muzychenko, you wrote: I eat> But if to sign this cat the self-made certificate which to push in Trusted Root - the driver perfectly boots even in the last tens. It booted only because somewhere in system there was a file.cat with the signature of Microsoft for this driver. I too faced it - one person at other forum somehow told that signed  the certificate any indirect packets of drivers which had problems with setting and after that all worked on x64, without test signing, etc. And the wow-effect has been strengthened also by that these drivers were integrated at image system preferences and there even there was any special key, I see Dism/ForceUnsigned etc., certainly, did not check, began to object, check at myself etc. As a result it appeared that drivers booted only because they were already signed also corresponding.cat was in system, with the cross connect-certificate, etc., that is, all as is necessary. Simply at a setting stage sometimes there were problems at a stage of check of certificates: whether any intermediate certificate has not been installed, whether still something - for Windows such  are typical, itself faced repeatedly. One more moment which explains business -  files which are stored in.cat a little, is not absolutely normal SHA-1, these are so-called Authenticode-heshi, they are calculated only from "a significant" part exe/dll/sys. For example, the same EXE file signed by different certificates, will have identical Authenticode-heshi. In it a solution part...

20

Re: To include Security Boot for Win 10

Hello, okman, you wrote: O> It booted only because somewhere in system there was a file.cat with the signature of Microsoft for this driver. I suspected it, but type messages "was overloaded with the prohibition of check of the signature, delivered the driver, was overloaded in a normal mode, the driver works" made impression that such method quite suits. Most likely, similar examples just concerned type drivers usbser/winusb when even presence in a setup package of sys-files does not hinder system to assign built in.

21

Re: To include Security Boot for Win 10

V> I Load msinfo32 and I see  it is installed in UEFI, and the mode of safe loading is disconnected, why? Earned!!!! At me in  has not been installed Platform Key, this option appears, when turnes on Security Boot. Generated all by default - all earned