Bug 1743480

Summary: Getting (code 52) on Virtio Ethernet drive, windows 10 host.
Product: [Community] Virtualization Tools Reporter: Oz Dror <odror7>
Component: virtio-winAssignee: Amnon Ilan <ailan>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: ghammer, haoliu, lijin, virt-maint, vrozenfe, yvugenfi
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Windows   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-12-30 11:03:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1376048    
Bug Blocks:    
Attachments:
Description Flags
Log file none

Description Oz Dror 2019-08-20 05:43:18 UTC 
Created attachment 1605968 [details]
Log file

Description of problem: When using OVMF guest BIOS, The Virtio Ethernet driver and other drivers including the balloon and the Serial driver failed to be activate at boot because Windows cannot verify the Driver signatures (code 52)

The issue does not occurs with no OVMF bios.



Version-Release number of selected component (if applicable):

Windows 10 version: Windows 10 pro 1903

Host OS: Ubuntu 19.10
Qemu version: 3.1.0
Virtio-win version: 0.1.171


How reproducible:
Every time. If I disable the driver verification in windows 10. the issue goes away.
Comment 2 Yvugenfi@redhat.com 2019-08-20 09:18:48 UTC 
Hi,

Do you have secure boot enabled?

Thanks,
Yan.
Comment 3 Oz Dror 2019-08-20 13:56:32 UTC 
Yes secure boot is enabled
Comment 4 Oz Dror 2019-08-20 16:56:29 UTC 
So where do you find the RHEL WHQL virtio drivers
Comment 5 Oz Dror 2019-08-20 23:15:16 UTC 
I have disabled secure boot, and now it is working.  The problem is that I need to have secure boot this w10 machine is for work. Without secure boot I might not be able to use it. 

Thanks
Comment 6 lijin 2019-08-21 00:56:13 UTC 
This is a dup of bz1666705, if secure boot is enabled, msft signed drivers are required.

For redhat customers, they can get the whql signed drivers via redhat subscription.
For upstream users, "disable the driver verification" could be a workaround.

Yan, what's your opinion?
Comment 7 Yvugenfi@redhat.com 2019-08-21 12:21:03 UTC 
(In reply to lijin from comment #6)
> This is a dup of bz1666705, if secure boot is enabled, msft signed drivers
> are required.
> 
> For redhat customers, they can get the whql signed drivers via redhat
> subscription.
> For upstream users, "disable the driver verification" could be a workaround.
> 
> Yan, what's your opinion?

We are discussing internally the option to provide upstream users with attestation signed drivers.
Comment 8 Oz Dror 2019-08-21 13:17:14 UTC 
When should I check if it becomes available.

Thanks
Comment 9 Yvugenfi@redhat.com 2019-08-21 13:27:59 UTC 
Oz, I suggest to be in touch towards beginning of September regarding the decisions.
Comment 10 Oz Dror 2019-09-23 02:01:28 UTC 
Hi any news regarding the availability of  whql virtio driver. Thanks
Comment 11 Oz Dror 2019-09-23 02:02:18 UTC 
Hi any news regarding the availability of  whql virtio driver. Thanks
Comment 12 Amnon Ilan 2019-10-12 13:47:29 UTC 
(In reply to Oz Dror from comment #11)
> Hi any news regarding the availability of  whql virtio driver. Thanks

We will not provide the attestation signed drivers upstream in the near future

Are you a Red Hat customer? then you can get the whqled drivers. 
Otherwise, you can try to whql the drivers with MSFT on your own (with your device ids)
Comment 14 Amnon Ilan 2019-12-30 11:03:17 UTC 
Closing as wontfix. Feel free to comment