zodiacon / TotalRegistry

Total Registry - enhanced Registry editor/viewer
MIT License

disable driver signature enforcement vs. secure boot #48

Open KyleKolander opened 2 years ago

KyleKolander commented 2 years ago

First off, thank you for making available all of these cool apps! I use them alongside Sysinternals and NirSoft, which is very good company to keep. :smiley:

I'm running Windows 11 Pro with Secure Boot on (yes, I've read the other issues), but I also disabled driver signature enforcement (per this article: Installing Unsigned Drivers on Windows 10 or 11). It seems like this guy is saying we can temporarily disable driver signature enforcement to install the driver. After rebooting, driver signature enforcement will be on again and everything should just work because the driver is already installed. Clearly this doesn't work as expected (or I wouldn't be posting here), so this is likely just me misunderstanding some fundamental concept. Could you please ELI5 why disabling driver signature enforcement isn't sufficient? What would it take to be able to use Total Registry (as Administrator) and still get the benefits from Secure Boot?

I love the Bookmarks feature - but I can't use Total Registry as a Registry Editor replacement (my goal) if I'm unable to view/edit so many keys. I could disable Secure Boot, but that just feels wrong.

zodiacon commented 2 years ago

Thanks :) First, the driver is optional. You have the same powers as RegEdit when you run TotalReg elevated. Second, there is no way to disable DSE if Secure Boot is on - that's one of the reasons to keep it on! The driver is properly signed, but is not signed by Microsoft, which is a requirement when Secure Boot is on.

KyleKolander commented 2 years ago

So it sounds like I'm an idiot, huh? ha ha. When I run as Administrator, I see the error message "Failed to load kernel driver. Some keys will be inaccessible". What does that mean then? What are some examples of keys that will be inaccessible? And, to clarify, it sounds like you're saying that if a key is inaccessible in Total Registry then it will also be inaccessible in Registry Editor (both being run as Administrator)?

zodiacon commented 2 years ago

This is correct. For example, some keys that are protected and owned by TrustedInstaller will be inaccessible by an admin as well. Although an admin can use the Take Ownership Privilege to change the permissions and allow itself access.
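The ownership point in the reply above can be checked read-only from an elevated PowerShell prompt. This is an added example, not part of the thread or of Total Registry; the function name `Get-RegKeyAccessSummary` and the key path in the last line are assumptions chosen for illustration.

```powershell
# Added illustration; not code from Total Registry.
# Well-known SIDs, identical on every Windows installation.
$TrustedInstallerSid = 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$AdministratorsSid   = 'S-1-5-32-544'

function Get-RegKeyAccessSummary {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path                # PowerShell registry path, e.g. HKLM:\SOFTWARE\...
    )
    process {
        try {
            $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        } catch {
            # Even reading the security descriptor can be denied on some keys.
            [pscustomobject]@{
                Path = $Path; Owner = $null; OwnedByTrustedInstaller = $null
                AdminsCanWrite = $null; Error = $_.Exception.Message
            }
            return
        }
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $owner   = $acl.GetOwner($sidType).Value
        $write   = [System.Security.AccessControl.RegistryRights]::SetValue
        $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

        # Allow ACEs for BUILTIN\Administrators that apply to this key itself
        # (inherit-only ACEs affect subkeys only, so they are skipped).
        $adminAllow = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
            $_.IdentityReference.Value -eq $AdministratorsSid -and
            $_.AccessControlType -eq 'Allow' -and
            -not ($_.PropagationFlags -band $inheritOnly) -and
            ($_.RegistryRights -band $write)
        }
        [pscustomobject]@{
            Path                    = $Path
            Owner                   = $owner
            OwnedByTrustedInstaller = ($owner -eq $TrustedInstallerSid)
            AdminsCanWrite          = [bool]$adminAllow
            Error                   = $null
        }
    }
}

# Example input only; owner and rights differ per key and per Windows build.
'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing' |
    Get-RegKeyAccessSummary
```

The summary looks only at Allow entries for the Administrators group, so a Deny entry or a right granted through another group is not reflected in `AdminsCanWrite`.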

zodiacon commented 2 years ago

I'm considering removing the driver or just silently ignoring failures to load.

KyleKolander commented 2 years ago

OK, well that's good then! 😁

I agree that removing the error message would be beneficial.

Out of curiosity, what benefits/features does the driver provide?

zodiacon commented 2 years ago

It allows access to otherwise inaccessible keys regardless of their security permissions.

zodiacon commented 2 years ago

I've actually removed the error message in the latest code already ;)

KyleKolander commented 2 years ago

That was fast! Will you push a new release of Total Registry, or will that require that I build it locally?

I tried building it locally and was not successful. I installed the C++ workload (and ATL stuff) and installed the WDK, which also installed the VS 2022 extension, but then VS wouldn't start - it just hung on the splash screen. I ran in safe mode and VS started up, so I uninstalled the WDK driver, and then VS would start normally again. Then I tried building, but it wouldn't load the Installer project (said it was an unsupported type) and it wouldn't load the WTLHelper project. So I removed the Installer project. Then I removed the WTLHelper folder from the Total Registry repository, cloned the WTLHelper repository and created a directory junction from the Total Registry repository pointing to the WTLHelper repository. It was able to load the project, but failed with build errors. So I removed the WTLHelper project and tried to build again, but got the following error. It seems I have a chicken/egg problem - the solution won't build without the WDK extension, but VS won't start with the WDK extension. What am I doing wrong?

error MSB8020: The build tools for WindowsKernelModeDriver10.0 (Platform Toolset = 'WindowsKernelModeDriver10.0') cannot be found. To build using the WindowsKernelModeDriver10.0 build tools, please install WindowsKernelModeDriver10.0 build tools. Alternatively, you may upgrade to the current Visual Studio tools by selecting the Project menu or right-click the solution, and then selecting "Retarget solution".

zodiacon commented 2 years ago

Unfortunately, MS made a mess if you have VS 2019 and 2022 installed and you try to install the latest WDK. There is an outstanding issue they have not resolved yet (and it's been more than a month!). The installer project is optional (you can find the template as an extension VS 2022 Installer Project or similar). If you change the project properties (General) Windows SDK version to build 22000, it should compile fine.

KyleKolander commented 2 years ago

I tried but was unable to get it to compile and I just gave up. 😮‍💨 That's OK, though. I downloaded the latest version from your other repo with all the tools, and it no longer displays the error message. Thanks for the help and feel free to close this issue whenever you want.