Open kurgans0 opened 2 years ago
Likely related to #33 and #59 - seems to be issues with the latest "stable" iso and broken driver signature for older OS drivers.
It also appears that some drivers (irrespective of OS, I believe) are just self-signed in 0.1.217-1, compared to 0.1.215-2, for absolutely no reason whatsoever. virtio-win/kvm-guest-drivers-windows#769
Microsoft retired cross-signing certificates. Any certificate, other than WHQL certification, will be treated as test signing from now own. For Windows 10 we are providing attestation signed drivers. But MS don't have attestation signing for previous OSes.
the used self signed certificate is a fault, because the OS did not allow the installation with used RedHat Inc. certificate with following hint: A certificates basic constraint extension has not been observed:
But why usign differnt certificatres at all , because the newer drivers from 2k16 and newer used a certificate where the chain and rootCA is ok.
from my perspectice this newer certificate should also work for the older OS, or not?
@MatthiasSeu Unfortunately Microsoft retired cross signing certificates that were used to sign older OSes. Windows 10 drivers are signed with attestation signing through Microsoft HW portal. Microsoft isn't signing older OS drivers with attestation signing.
@YanVugenfirer But with this certificate, it's defently inpossible to install the drivers for os w2k12r2 and later. At the Moment, we use drivers where the certificate is expired, but when you pre-import it into trustet publisher and root ca, you can install it wihtout any troubles via pnputil.
Now I have 2 questions:
Because othervise you can face out the older os versions, or i am wrong?
I have tried to install the certificate from the .sys file but still can't get the driver to work.
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52)
Why does it still think there is a problem with the signature after I have installed the certificate? Is there another work-around for this (besides disabling signature checking)?
Update: based on @YanVugenfirer 's comment above I discovered I can install the drivers after setting testsigning: $ bcdedit /set testsigning on I would still prefer a method to install the drivers without having to set this.
Environment
Issue Impossible to install driver on this path .\NetKVM\2k12R2\amd64\
Windows message Windows found driver software for your device but encountered an error while attempting install it. Red Hat VirtIO Ethernet Adapter A problem was encountered while attempting to add the driver to the store.
Workaround It's working with the driver 2008 R2 (.\NetKVM\2k8R2\amd64)
Source driver virtio-win-0.1.217.iso