Skip to content Skip to main navigation Skip to footer

New Driver Signing uses SHA256 as Required by Microsoft

Problem:

Installing Image for Windows, PHYLock, or TBIMount on versions of Windows 7 or Windows Server 2008 R2 results in an error message that a digitally signed driver is required. The message is displayed after the installation has completed and, in the case of a reboot being necessary, may appear after the option to restart the system has already been selected. Note that on some systems a warning will not be displayed.

This issue does not affect Windows 8.0 or later.

Example error:

Windows requires a digitally signed driver

A recently installed program tried to install an unsigned
driver. This version of Windows requires all drivers to have a
valid digital signature. The driver is unavailable and the
program that uses this driver might not work correctly.

Uninstall the program or device that uses this driver and
check the publisher's support website to get a digitally
signed driver.

Driver: phylock
Service: phylock
Publisher: TeraByte, Inc.
Location: C:\Windows\System32...\phylock.sys

In the case of the phylock.sys driver, booting the system in this state will result in Windows failing to start. In most cases, Windows will boot to the Recovery Environment (WinRE) and perform a Startup Repair, which will use System Restore to return the system to a bootable state. The root cause found would be reported as "Boot critical file ...\phylock.sys is corrupt."

Cause:

The Windows installation is not updated (Microsoft issued updates to add support for SHA-2 signing and verification functionality in March 2015).

Solution:

There are several options available to resolve this issue:

  • Update Windows so that it's current (recommended). At the very least, it's necessary to install KB3033929 to add support for SHA-2. Links to the update and instructions for the affected versions of Windows can be found at the following Microsoft page: https://technet.microsoft.com/en-us/library/security/3033929

  • When booting Windows, press F8 to enter the Advanced Boot Options menu. On that menu, select the Disable Driver Signature Enforcement option. This allows the system to boot with the driver still installed.

For more details, please refer to the following Microsoft KB article:
Microsoft Security Advisory 3033929

Was This Article Helpful?

0