How do I disable digital signature checking for Windows 8.1 EFI files?

4

I'm trying to patch my bootmgfw.efi file to change the background color of the BitLocker password prompt and other Windows bootup screens. I found the values to search for and replace for the color (B2 67 20 FF) and verified in IDA Pro that they were all near calls to functions related to the display (they were.) I copied the file to my EFI system partition, backing up the original, and rebooted.

When my computer rebooted, after the BIOS finished, it took me to a screen, in my new color, with the following error:

Recovery

Your PC needs to be repaired.

The digital signature for this file couldn't be verified.

Error code: 0xc0000428

You'll need to use the recovery tools on your installation media. If you don't have any
installation media (like a disc or USB device), contact your system administrator or PC
manufacturer.

Press Esc for UEFI Firmware Settings

Pressing Escape didn't take me to a menu where I could disable the signature checking or anything; just my CMOS setup, where I already have Secure Boot disabled.

I was able to easily restore the backup using the installation media as it said, but how can I tell Windows that the invalid digital signature is not the result of malicious software, but rather an intentional change on my part?

boot
windows-8.1
uefi
efi
digital-signature
asked on Super User Apr 22, 2015 by flarn2006 • edited Apr 23, 2015 by flarn2006

3 Answers

1

Boot into the UEFI (basically BIOS) and disable secureboot. To get into the firmware, search for advanced reboot options and an option should be there. I don't recall the specifics, as when I get a Windows 8 machine I always nuke it and install arch linux, so I only do it once a machine.

answered on Super User Apr 23, 2015 by hanetzer
0

Press F8 while Windows is starting and choose Disable Digital Signature from the menu. You might have to do that each time though, I'm not sure. If you do, i'd rethink changing the colors. I'd rethink anyway since the signature is there to prevent tampering from viruses and rootkits.

answered on Super User Apr 23, 2015 by Andy
-1

change your date in bios setup this will help you to boot your system

The digital signature for this file couldn't be verified. bcoz may be your digital signature expired so change your bios date to previous date but every time you need to this until you buy new digital signature.

watch this video to change date in bios. Maybe your system have different bios setup menu

answered on Super User Aug 23, 2016 by Saurabh Chandra Patel • edited Aug 24, 2016 by Saurabh Chandra Patel

User contributions licensed under CC BY-SA 3.0