Bug 1028861

Summary: [WHQL][vioscsi]Embedded Signature Verification failed on win2k8-32/64 guest on DTM as it is not a signed driver
Product: Red Hat Enterprise Linux 7 Reporter: Min Deng <mdeng>
Component: virtio-winAssignee: Vadim Rozenfeld <vrozenfe>
Status: CLOSED CANTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: acathrow, bcao, bsarathy, chayang, juzhang, lijin, mdeng, michen, rhod, virt-maint, vrozenfe, yvugenfi
Target Milestone: rc   
Target Release: 7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-25 15:36:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
signtool results
none
screenshot from windows server 2008 none

Description Min Deng 2013-11-11 05:12:15 UTC 
Description of problem:
Running Embedded Signature Verification job on win2k8-32/64 guests but they all failed

Version-Release number of selected component (if applicable):
virtio-win-prewhql-0.1-73
qemu-kvm-rhev-0.12.1.2-2.405.el6.x86_64
kernel-2.6.32-420.el6.x86_64

How reproducible:
4 times

Steps to Reproduce:
1./usr/libexec/qemu-kvm -M rhel6.5.0 -m 6G -smp 4,cores=4 -cpu cpu64-rhel6,+x2apic -usb -device usb-tablet -netdev tap,sndbuf=0,id=hostnet0,script=/etc/qemu-ifup,downscript=no -device e1000,netdev=hostnet0,mac=00:12:37:41:52:41 -uuid 3c14ce6c-4715-42b0-8e73-2e4000d7730f -no-kvm-pit-reinjection -chardev socket,id=111a,path=/tmp/monitor-win2k8-32-scsi,server,nowait -mon chardev=111a,mode=readline -name win2k8-64-scsi -vnc :1 -vga cirrus -rtc base=localtime,clock=host,driftfix=slew -chardev socket,id=seabios_debug,path=/tmp/monitor-seabios,server,nowait -device isa-debugcon,iobase=0x402,chardev=seabios_debug -drive file=win2k8-64-scsi.raw,if=none,media=disk,format=raw,rerror=stop,werror=stop,cache=none,aio=native,id=scsi-disk0 -drive file=disk1.raw,if=none,media=disk,format=raw,rerror=stop,werror=stop,cache=none,aio=native,id=scsi-disk1,serial=aaa -device virtio-scsi-pci,id=bus1 -device scsi-hd,bus=bus1.0,drive=scsi-disk0,id=disk,serial=test,bootindex=1 -device virtio-scsi-pci,id=bus2 -device scsi-hd,bus=bus2.0,drive=scsi-disk1,id=disk1,serial=test1 -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=0 -monitor stdio
2.submit the job to DTM
3.

Actual results:
The job failed 
Expected results:
The job can pass.

Additional info:
Upload cpk file to the bug
Comment 1 Min Deng 2013-11-11 05:17:35 UTC 
Created attachment 822272 [details]
CPK
Comment 3 Min Deng 2013-11-11 08:11:32 UTC 
Hi all,
   I've tried the bug on HCK but it still failed with the same error.
Thanks
Min
Comment 4 Vadim Rozenfeld 2013-11-11 08:30:48 UTC 
(In reply to dengmin from comment #3)
> Hi all,
>    I've tried the bug on HCK but it still failed with the same error.
> Thanks
> Min

Do you see the same problem on Win8/WS2012 ?

Thanks,
Vadim
Comment 5 Min Deng 2013-11-11 08:53:48 UTC 
(In reply to Vadim Rozenfeld from comment #4)
> (In reply to dengmin from comment #3)
> > Hi all,
> >    I've tried the bug on HCK but it still failed with the same error.
> > Thanks
> > Min
> 
> Do you see the same problem on Win8/WS2012 ?
> 
> Thanks,
> Vadim

Hi Vadim,
   The issue doesn't happen on win8 and win2012 guest,and there was a fixed bug about this job - https://bugzilla.redhat.com/show_bug.cgi?id=690713,they are very similar so it maybe helpful,any issues please let me know.
   
Thanks 
Min
Comment 6 Mike Cao 2013-11-11 08:59:43 UTC 
I check the all the testing results find that win7-32/64,win2k8R2 does not hit this issue on HCK2.0 while their drivers are same as the win2k8's which are running on WLK1.6
Comment 7 Min Deng 2013-11-20 10:17:39 UTC 
Unfortunately,the job still failed via build 74,so please double check,thanks
Comment 8 Vadim Rozenfeld 2013-11-20 10:34:07 UTC 
(In reply to dengmin from comment #7)
> Unfortunately,the job still failed via build 74,so please double check,thanks

Thanks,
looks like some problems in the build VM itself.
Will thry to find out what's wrong with it asap.

Vadim.
Comment 9 Vadim Rozenfeld 2013-11-25 08:35:19 UTC 
could you please verify the vioscsi signature manually with signtool, like 
"signtool verify /pa /v vioscsi.sys" and post the output?

Thanks,
Vadim.
Comment 10 Min Deng 2013-11-25 09:00:48 UTC 
Hi Vadim,

   The vioscsi driver for win2k8 guest has been verified successful.And please see the detail attachments.

Thanks
Min
Comment 11 Min Deng 2013-11-25 09:01:40 UTC 
Created attachment 828570 [details]
signtool results
Comment 12 Vadim Rozenfeld 2013-11-25 09:36:30 UTC 
Thanks, Min.

It's what I'm getting on my system as well.

Best regards,
Vadim.
Comment 13 Mike Cao 2013-11-25 09:44:00 UTC 
(In reply to Vadim Rozenfeld from comment #12)
> Thanks, Min.
> 
> It's what I'm getting on my system as well.
> 
> Best regards,
> Vadim.

FYI .
We may hit http://osronline.com/showThread.CFM?link=230046
Comment 19 Min Deng 2013-11-29 06:53:30 UTC 
  Double check,the job passed on hck2.0 on both win2k8-64 and win2k8-32 guest (build74)
  Thanks
  Min
Comment 20 Yvugenfi@redhat.com 2013-12-08 13:32:25 UTC 
Please provide 32bit CPK as well.

Thanks,
Yan.
Comment 22 Min Deng 2013-12-11 07:43:08 UTC 
Hi Yan,

   Upload cpk&hck to the bug,any issues please let me know.
Thanks
Min
Comment 23 Min Deng 2013-12-11 07:49:03 UTC 
Created attachment 835154 [details]
LOG
Comment 24 Yvugenfi@redhat.com 2013-12-11 09:12:35 UTC 
Thanks!
Comment 25 Mike Cao 2013-12-13 03:26:35 UTC 
(In reply to Vadim Rozenfeld from comment #12)
> Thanks, Min.
> 
> It's what I'm getting on my system as well.
> 
> Best regards,
> Vadim.

Vadim .mdeng 

Which platform are you using to run signtool for windows server 2008 ?
It failed on the windows 2008 .
Referring to the screen dump
Comment 26 Mike Cao 2013-12-13 03:28:11 UTC 
Created attachment 836111 [details]
screenshot from windows server 2008
Comment 27 Min Deng 2013-12-13 03:55:09 UTC 
Created attachment 836116 [details]
from win2008 guest
Comment 28 Vadim Rozenfeld 2013-12-13 04:18:42 UTC 
I tested on WS2012
Comment 29 Mike Cao 2013-12-13 05:20:47 UTC 
(In reply to Vadim Rozenfeld from comment #28)
> I tested on WS2012

Vadim .So that should be the key point .
We need to run signtool for the specified operation system (2008) to see whether the driver is digital signed in such os .
Comment 30 Vadim Rozenfeld 2013-12-13 09:45:49 UTC 
(In reply to Mike Cao from comment #29)
> (In reply to Vadim Rozenfeld from comment #28)
> > I tested on WS2012
> 
> Vadim .So that should be the key point .
> We need to run signtool for the specified operation system (2008) to see
> whether the driver is digital signed in such os .

I will recheck it on W2K8

Cheers,
Vadim
Comment 35 Ronen Hod 2014-03-25 11:00:19 UTC 
Mike Cao,
Where do we stand with this bug?
Deferring, since anyhow an Internet connection solves it.
Comment 36 Mike Cao 2014-03-25 15:36:26 UTC 
dengmin,,pls mark it in our FAQ