Driver signatures verify the integrity of the driver software and their developers. Windows enforces the verification of driver signatures before installing or loading them as a security measure.
While this enforcement does protect your system against malicious threats, you may have to disable it in two situations. First– if you need to install a driver without a valid driver signature, and second– as a temporary fix for specific Blue Screen of Death (BSOD) loops.
Even then, only disable it temporarily. For all other situations, you shouldn’t touch this feature as it’s an important security feature.
Let’s discuss everything in detail.
What Does Driver Signature Enforcement Do?
Whenever you try to install or update a driver file, the driver signature enforcement feature will not allow the installation if,
- The file is corrupted, damaged, or tampered with (contains malware and such)
- The driver package does not have a valid signature from a trusted source
- The driver’s signature has expired
Also, after your UEFI firmware loads the OS, it verifies your critical device drivers by checking their digital signature. If it finds anomalies, you will be stuck in a BSOD loop and can’t boot to Windows.
What Happens When I Disable Driver Signature Enforcement?
If you disable driver signature enforcement, your system bypasses both of the above verification processes. This comes with the following pros and cons:
- You can install third-party drivers that do not have valid signatures. Just make sure that the driver packages are safe.
- You can boot to Windows even when your system can’t verify critical system drivers due to some corruption, or when their signature expires.
- You can use old unsupported drivers on old OS, in case the current drivers don’t work.
- It leaves behind a security vulnerability and exposes your system to malware and other threats.
- It becomes easier to install incompatible drivers. In such cases, you may experience other system issues.
- Manually disabling this built-in security setting may void your warranty.
When to Disable Drive Signature Enforcement?
Microsoft may not have recorded the signatures of some less-known printers, scanners, and webcam drivers. You can temporarily disable the device signature enforcement to install such unsupported drivers.
Also, if you experience some BSODs like 0xc000021a, disabling this enforcement may allow you to access Windows. You can disable it until you figure out the proper solution to such issues.
If you do wish to disable this feature, check out my How to Disable Driver Signature Enforcement guide for the necessary methods.