Hey guys. So, I'm late to the party and have been putting off Win10 as long as I can. However, I'm gonna be making the jump next week and am curious about this kernel signing issue myself. I run BitLocker with TPM and Secure Boot on my system but still have need for unsigned/cross-signed kernel drivers. I caught this post elsewhere but it's relevant: So... what's the deal? Any info would be appreciated.
I wouldn't suppose it's this old setting lol
Code:
User Key: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
Value Name: BehaviorOnFailedVerify
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Ignore, 1 = Warn, 2 = Block)
If it's secret, I would assume it's a nulled key. These keys cannot be made, seen, deleted or changed by the normal Windows API, so they are not accessible by regedit or most registry editors. Just running a search on vanilla 14393.105 Pro returns no hidden keys.
Is there any tool available with which one could scan for potential hidden/nulled keys? The subject sounds interesting...
Ok, well I'm not too familiar with "nulled key" but any hidden keys will still be part of the hive and could be analyzed with an external dump. What we do know, is that it is a "hidden registry key" supposedly, and that it causes a fresh 1607 install to mimic an upgrade install. I'm going to spend some time diffing hives from fresh install and upgrade to see if I can find anything. I think it's at least worth a bit of research... hoping others will continue to look into this as well as there is a lot to cover. As for my install... I'll just be sticking with an upgrade to 1607 as that seems to be the easiest solution for now. Although, I'm curious about forging certs to different dates or other workarounds. If anyone has any info or advice I'd love to hear it.
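Added example, not part of any post in this thread: a minimal offline scanner for the idea raised in the two posts above, that keys whose names contain an embedded NUL are still stored in the hive file and can be found by parsing a copy of it. It assumes the standard regf layout (4 KiB base block, then `hbin` bins of cells, key nodes tagged `nk`); the function names and the sample hive are constructed for illustration.

```python
import struct

KEY_COMP_NAME = 0x0020  # nk flag: name stored one byte per character, else UTF-16LE

def key_names(hive: bytes):
    """Yield (cell_offset, name) for every allocated 'nk' (key node) cell."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive")
    pos = 0x1000  # hive bins start after the 4 KiB base block
    while pos + 32 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if bin_size < 32:
            break  # corrupt bin header
        cell, end = pos + 32, min(pos + bin_size, len(hive))
        while cell + 4 <= end:
            size = struct.unpack_from("<i", hive, cell)[0]  # negative = allocated
            if size == 0:
                break  # corrupt cell, stop walking this bin
            body = cell + 4
            if size < 0 and hive[body:body + 2] == b"nk" and body + 0x4C <= end:
                flags, = struct.unpack_from("<H", hive, body + 2)
                name_len, = struct.unpack_from("<H", hive, body + 0x48)
                raw = hive[body + 0x4C:body + 0x4C + name_len]
                codec = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
                yield cell, raw.decode(codec, "replace")
            cell += abs(size)
        pos += bin_size

def hidden_keys(hive: bytes):
    """Key names with an embedded NUL, which Win32 string APIs truncate."""
    return [(off, name) for off, name in key_names(hive) if "\x00" in name]

def _nk(name: str, compressed: bool = True) -> bytes:
    """Constructed nk cell; only the fields the scanner reads are filled in."""
    raw = name.encode("latin-1" if compressed else "utf-16-le")
    body = bytearray(0x4C) + raw
    body[0:2] = b"nk"
    struct.pack_into("<H", body, 2, KEY_COMP_NAME if compressed else 0)
    struct.pack_into("<H", body, 0x48, len(raw))
    body += b"\0" * (-(len(body) + 4) % 8)  # cells are 8-byte aligned
    return struct.pack("<i", -(len(body) + 4)) + bytes(body)

def sample_hive() -> bytes:
    """Constructed one-bin hive: one ordinary key, two with embedded NULs."""
    cells = _nk("Visible") + _nk("Con\x00structed") + _nk("Wide\x00Name", False)
    free = 0x1000 - 32 - len(cells)
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20) + cells
    hbin += struct.pack("<i", free) + bytes(free - 4)  # trailing free cell
    return b"regf".ljust(0x1000, b"\0") + hbin
```

To use it on real data, pass the bytes of a hive file copied from an offline system to `hidden_keys()`; it reads only allocated cells in the primary file and does not replay transaction logs.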
I've posted about the "upgraded system" registry value in the previous driver signing thread. This one's going pretty off-topic.