Bug 798498

Summary: [virtio-win] NetKVM and viostor drivers are not signed properly in pre-WHQLed build
Product: Red Hat Enterprise Linux 6 Reporter: Min Deng <mdeng>
Component: virtio-winAssignee: Yvugenfi <yvugenfi>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.3CC: acathrow, bcao, bsarathy, dawu, juzhang, michen, vrozenfe
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-05 14:04:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Netkvm
none
viostor
none
balloon
none
serial
none
Verification with sign tool
none
Device manage and sigverif tool output none

Description Min Deng 2012-02-29 03:42:03 UTC 
Description of problem:
a.File version on NetKvm's property page is a little different with others
b.The Digitally signer should be uniform for the four drivers

Version-Release number of selected component (if applicable):
virtio-win-prewhql-0.1-23

How reproducible:
Always
Steps to Reproduce:
Part one,
1.install virtio-win-prewhql-0.1-23 on windows 2k3-64 guest
2.open c:\windows\system32\drivers\netkvm.sys
3.right click on it and check the file version,
  It shows like 52.63.103.2300 but others (balloon,vioser,viostor) show as 52.63.103.2300 built by:WinDDK.

Part two,
For viostor and metkvm's Digitally Signer,they are "Not Digitally signed"
For balloon and vioser,they are "Red Hat Inc." 
 
Actual results:

Expected results:

Additional info:
Comment 2 Yvugenfi@redhat.com 2012-02-29 12:22:56 UTC 
I think we should separate this report into two separate bugs:

1. Problem with digital signature during build:
All the drivers should be digitally signed during the build.
Please report on what exact guest OSes the lack of digital signature was found. This is a severe problem and should be assigned to release engineering. Drivers without signature could not be used on x64 guests starting from Vista and cannot be WHQLed certified.

2. Version text - this is a very minor issue.
Probably we should remove "built by:WinDDK" string.
Comment 3 Yvugenfi@redhat.com 2012-02-29 12:25:00 UTC 
I might be a little bit confused:

When you say : "For viostor and metkvm's Digitally Signer,they are "Not Digitally signed"
For balloon and vioser,they are "Red Hat Inc." " - do you mean the whole package or the driver binary?

It could be you have a mixture of driver versions on the system - packages that were WHQLed certified and new build that still wasn't certified and thus is signed with Red HAt signature only.
Comment 4 Min Deng 2012-03-01 04:08:24 UTC 
(In reply to comment #3)
> I might be a little bit confused:
> 
> When you say : "For viostor and metkvm's Digitally Signer,they are "Not
> Digitally signed"
> For balloon and vioser,they are "Red Hat Inc." " - do you mean the whole
> package or the driver binary?
> 
> It could be you have a mixture of driver versions on the system - packages that
> were WHQLed certified and new build that still wasn't certified and thus is
> signed with Red HAt signature only.
  
  Yes,I know it.
  Now,they aren't certified from MS but just like what you have said,they should be signed with 'Red Hat' signature only.the netkvm and viostor 's Digitally Signer are written as "Not Digitally signed" from Device Manager.
  I just think we had better let the driver's info preserve uniformity before they get the official signature.

  Thanks
  Min
Comment 5 Yvugenfi@redhat.com 2012-03-04 09:03:53 UTC 
Could you please post screen shoots?
Comment 6 Min Deng 2012-03-05 02:36:32 UTC 
(In reply to comment #5)
> Could you please post screen shoots?
Uploaded 4 screen shots for the netkvm,viostor,balloon and serial,a contrast is difference between netkvm/visotor and balloon/serial,which is clear when you compare them.Any issues please let me know,thank you.

Thanks
Min
Comment 7 Min Deng 2012-03-05 02:37:07 UTC 
Created attachment 567448 [details]
Netkvm
Comment 8 Min Deng 2012-03-05 02:37:39 UTC 
Created attachment 567449 [details]
viostor
Comment 9 Min Deng 2012-03-05 02:38:00 UTC 
Created attachment 567450 [details]
balloon
Comment 10 Min Deng 2012-03-05 02:38:28 UTC 
Created attachment 567451 [details]
serial
Comment 11 Yvugenfi@redhat.com 2012-03-05 13:59:45 UTC 
Created attachment 567623 [details]
Verification with sign tool
Comment 12 Yvugenfi@redhat.com 2012-03-05 14:01:27 UTC 
Created attachment 567624 [details]
Device manage and sigverif tool output
Comment 13 Yvugenfi@redhat.com 2012-03-05 14:04:59 UTC 
1. I will move the bug to won't fix 
2. At first i had the suspicion that we might have a problem with embedded signature of our drivers
3. I tested the packages with signtool and system with installed drivers with sigverif.exe tool. Both of them are not complaining. 
4. I also manually examined catalog file.
5. As this is for Wind2003 and also this is not the signature that we distribute to customer (customers get WHQL certified and signed drivers) - i am closing the bug as it is seams worthless to invest time in understanding old Windows OS behavior.

See attached files for verification output.