Bug 1113600

Summary: viostor and vioscsi driver for Win8\AMD64 is not properly signed
Product: Red Hat Enterprise Linux 7 Reporter: Nikos Skalkotos <skalkoto>
Component: virtio-winAssignee: Vadim Rozenfeld <vrozenfe>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.1CC: acathrow, bcao, crobinso, ghammer, virt-maint, virt-maint, vrozenfe, yvugenfi
Target Milestone: rc   
Target Release: 7.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1117055 (view as bug list) Environment:
Last Closed: 2014-07-08 17:14:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1117055    
Attachments:
Description Flags
output of signtool command in windows none

Description Nikos Skalkotos 2014-06-26 13:42:24 UTC 
Created attachment 912426 [details]
output of signtool command in windows

Description of problem:

In the Windows driver package you offer under
http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/
viostor.sys and vioscsi.sys files for Win8\AMD64 are not properly signed.

There is no way to automatically install those drivers. You always get security warnings.

Take a look at the attached file. I can verify viostor.sys for Win7\AMD64 or Win8\x86 with signtool but not viostor.sys for Win8\amd64.

viostor.inf and vioscsi.inf as well as any other .inf and .sys file can be verified just fine. The problem is only in viostor.sys and vioscsi.sys

This problem affects virtio-win-0.1-74.iso as well as virtio-win-0.1-81.iso

This problem is very similar to this one: https://bugzilla.redhat.com/show_bug.cgi?id=1012429
Comment 5 Mike Cao 2014-07-03 04:07:17 UTC 
(In reply to Vadim Rozenfeld from comment #4)


I can reproduce this issue on RHEL8-64 w/ virito-win-prewhql-86 block/scsi
Based on above I think it is a driver bug 

2 ways to reproduce it :
1)#certutil -addstore -f TrustedPublisher C:\autotest\redhat.cer
  #pnputil -i -a XXX.inf 

Actual Results: driver can not be installed smoothly 

 2)install the driver manually ,,click "driver details" in driver properties in device manager

Actual Results :
Digital Signer part shows Not digitally signed 
Expect Results :
It should show "Red Hat Inc."

Besides above matrix 
all drivers on windows 2008 is not digital signed as well

I would like to move this bug to RHEL7 for a fix.
Comment 7 Mike Cao 2014-07-03 05:52:02 UTC 
block on windows7-64 works fine
Comment 9 Cole Robinson 2014-07-07 21:49:37 UTC 
In the future, taking a fedora bug and moving it to RHEL is not recommended:

- We want to track this bug in both places that it's broken
- The reporter and potentially other non RH people now have full access to a RHEL bug so have to be careful when talking about internal bits.

In the future, please clone the issue to RHEL. I'll clone this back to fedora.
Comment 10 Mike Cao 2014-07-08 02:52:26 UTC 
(In reply to Cole Robinson from comment #9)
> In the future, taking a fedora bug and moving it to RHEL is not recommended:
> 
> - We want to track this bug in both places that it's broken
> - The reporter and potentially other non RH people now have full access to a
> RHEL bug so have to be careful when talking about internal bits.
> 
> In the future, please clone the issue to RHEL. I'll clone this back to
> fedora.

OK

BTW this bug and 1110129 are dup
Comment 11 Mike Cao 2014-07-08 08:55:18 UTC 
After further research ,this is a test scenario  covered in test plan already and we have existing bug to track it  https://bugzilla.redhat.com/show_bug.cgi?id=1110129

I shouldn't move this bug to RHEL component ..

Mike
Comment 12 Cole Robinson 2014-07-08 17:14:35 UTC 
Okay, duping to 1110129 as according to comment #11, if that's wrong please reopen

*** This bug has been marked as a duplicate of bug 1110129 ***