For installing driver version 2.6.2.126 or higher on Windows 10 devices, disabling of Secure Boot UEFI (BIOS) must be done. We have compiled further information on this topic for you.
What is Secure Boot?
Secure Boot is a part of the UEFI (Unified Extensible Firmware Interface), still called "UEFI Bios" and found on current mainboards. Secureboot was launched by the company Microsoft® and is used primarily to provide, e.g. Windows® tablets, or Windows® Phone®, as well as Windows® PCs, to prevent the kernel for any changes through a user, e.g. Installing other operating systems or installing drivers that could destabilize the system. What makes sense for mobile devices which running with Windows® 10 is to significantly reduce the comfort of a PC. Manufacturers who ship Windows® PCs with Windows® 10 logo are committed to activate Secure Boot. If Secure Boot is active, Microsoft® decides what can be installed or not, which hardware can be used and which not, because only what is signed by Microsoft® can now be installed on the Windows® device. On mobile devices, Secure Boot can not be disabled by a switch in the BIOS, for example, to prevent access to the kernel and loader through user, driver and malicious software or installing other OS. What is required on mobile devices does not apply to Windows® PCs. On a PC, you can disable the BIOS Secure Boot, which now allows the user to use, for example, signed hardware, drivers or software that has not been signed directly by Microsoft®.
Why I can install older drivers, which are not signed by Microsoft®?
Microsoft® has defined, that it is possible to install drivers on Windows® 10 1607 which was signed with non-Microsoft® signatures before July 29. 2015 and use at least the SHA1 signature algorithm, even though the Secure Boot is enabled due to backward compatibility. Drivers which was signed after July 29. 2015, must be signed by Microsoft® to be able to move into the kernel when the Secure Boot is enable.
Why do I get a signature error when installing under Windows® 10 - 1607 despite the current driver?
Our signature is valid and signed according to SHA2 (current required standard), but not directly from Microsoft®. Our signed drivers can also be installed under Windows® 10, but Microsoft® Secure Boot will only allow Microsoft® Certified drivers into the system, which was signed after 29 July 2015.
How can I install the current driver?
After switching on the PC, go directly into the BIOS, usually by pressing the Del or F2 key, you will find more detailed information in the manual of your mainboard. In the security settings (depending on the motherboard model), you usually find the settings for "Secure Boot". Enable / Disable is possible here, or Windows®OS / Other OS / Other operating system. To disable Secure Boot, set the setting to "disable" or "OtherOS / Other operating system". After saving the settings and restarting the PC, you can now install drivers and software components which have a valid signature but do not have to come from Microsoft®.
Can I install an older driver before the 29th July 2015?
Yes, you can. Drivers up to version 2.6.1.118 can be installed. Whether your Digital Devices product is supported by these drivers can be found in the driver's ChangeLog under:
Https://www.digital-devices.eu/downloads-www/treiber/windows/ChangeLog_2.3.0.47.txt
Is my system endangered if I disable Secure Boot?
Basically, a 100% protection is not possible, which has curiously proven Secure Boot itself, because by a forgotten debug function in Secure boot (see Google search: "Secure Boot backdoor") a backdoor was opened instead to close another one. By locking the kernel, malicious software should also be blocked. With an update in November, a fix was released, but some server did not want to boot anymore (see Google search: "secure boot server lenovo®"). In the case of Secure Boot, the operating system and the BIOS are interlocked, which may require on both side an update, namely the motherboard firmware and the Windows® system, but if the motherboard manufacturer does not react immediately? Secure Boot is critical for desktop systems. On the other hand, Microsoft® hope of more control itself over systems which are delivered out with Windows®, but the use of the system is limited. Hardware from manufacturers who do not offer Windows® certified drivers, despite a valid signature, can not be used and this is the main problem. Microsoft® has defined that PC manufacturers must Secure Boot enable by default who have the Windows® logo on the device and. If you want to use signed drivers for your hardware in your system, which has not been signed by Microsoft® or would like to install a different operating system such as Linux, you must disable Secure Boot.
Will Digital Devices offer Microsoft® signed drivers?
At the moment, we elaborate a solution regard to advantages, costs and benefits. The certification by Microsoft® is associated with high expenses, which we would have to trace back to the cost of our hardware. Our products are especially used on the professional level, and therefore they are of a high quality, insteadt products for home using, e.g. For the operation in 24/7 systems, the possibility of firmware updates, improvements and updates of the hardware revisions, etc. The applications range from analysis of digital media to streaming providers. These advantages also ensure a stable use in media center systems for home use. Many of these innovations require a regular update of the driver and changes to the hardware. We want to keep the costs in the manufacturing and development stable for our customers and therefore we hvae no Microsoft® signatures of the moment.
Thanks for reading
Your Digital Devices Team
« Zurück
Datenschutzerklärung | Impressum