@clrokr: Wow, interesting find. I already discovered the overwrite problem, but didn't know about editing the registry. You say you were still unable to execute programs even when the BCD setting for testsigning was present? That's a shame... means something in the either the bootloader or the EFI is enforcing it. That doesn't really surprise me, I guess; Safe Boot is an EFI feature and that's supposedly what stops BcdEdit from adding the testsigning (or debug, I noticed) options directly. Still, a worthy avenue of exploration. Also, there are probably easier and less unofficial ways to get a CMD command prompt as SYSTEM (I know of a few official ways, although the option of simple impersonation from an Admin process probably would be hard to do on a Surface).
@netham45: Testsigning mode just allows executing code that is signed with anybody's certificate, instead of only with Microsoft's cert. However, there is another bootloader option - nointegritychecks - which disables driver signing enforcement entirely on "normal" versions of Windows. It might be worth pursuing that here too...
@netham45: Testsigning mode just allows executing code that is signed with anybody's certificate, instead of only with Microsoft's cert. However, there is another bootloader option - nointegritychecks - which disables driver signing enforcement entirely on "normal" versions of Windows. It might be worth pursuing that here too...