Bug 1013066 - [virtio-win], [balloon][vioscsi][vioserial][viostor] drivers are not digitally signed for win2012
[virtio-win], [balloon][vioscsi][vioserial][viostor] drivers are not digitall...
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win (Show other bugs)
6.5
x86_64 Windows
high Severity high
: rc
: ---
Assigned To: Vadim Rozenfeld
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-27 14:31 EDT by Shawn Duex
Modified: 2013-11-30 03:39 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-30 03:39:49 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
file layout of virtio-win-1.6.5.iso (122.59 KB, image/jpeg)
2013-10-09 17:41 EDT, Shawn Duex
no flags Details
file layout of c:\temp\drivers (95.38 KB, image/jpeg)
2013-10-09 17:42 EDT, Shawn Duex
no flags Details

  None (edit)
Description Shawn Duex 2013-09-27 14:31:56 EDT
Description of problem: Using Windows Server 2012. I am getting a not digitally signed error on all drivers except NetKVM.


Version-Release number of selected component (if applicable):
VirtIO 1.6.5-6

How reproducible:
100%


Steps to Reproduce:
1.Run Microsoft DISM tool to add Virt IO drivers to install media

C:\Users\Administrator>dism /image:C:\temp\mount /add-driver /driver:c:\temp\dri
vers\ /recurse

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.2.9200.16384

Searching for driver packages to install...
Found 5 driver package(s) to install.
Installing 1 of 5 - c:\temp\drivers\2012\Balloon\2k12\amd64\balloon.inf: Error -
 The driver package contains x64 boot-critical drivers, but the drivers are not
properly signed.
Use the /forceunsigned option to install the drivers.
Installing 2 of 5 - c:\temp\drivers\2012\NetKVM\2k12\amd64\netkvm.inf: The drive
r package was successfully installed.
Installing 3 of 5 - c:\temp\drivers\2012\vioscsi\2k12\amd64\vioscsi.inf: Error -
 The driver package contains x64 boot-critical drivers, but the drivers are not
properly signed.
Use the /forceunsigned option to install the drivers.
Installing 4 of 5 - c:\temp\drivers\2012\vioserial\2k12\amd64\vioser.inf: Error
- The driver package contains x64 boot-critical drivers, but the drivers are not
 properly signed.
Use the /forceunsigned option to install the drivers.
Installing 5 of 5 - c:\temp\drivers\2012\viostor\2k12\amd64\viostor.inf: Error -
 The driver package contains x64 boot-critical drivers, but the drivers are not
properly signed.
Use the /forceunsigned option to install the drivers.

Error: 50

The command completed with errors. For more information, refer to the log file.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

Actual results:
Drivers do not get installed unless /forceunsigned flag is passed

Expected results:
Drivers are installed without error

Additional info:
DISM.log entries:

2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager: PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. c:\temp\drivers\2012\Balloon\2k12\amd64\balloon.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
2013-09-27 09:52:29, Info                  DISM   DISM Driver Manager: PID=2988 TID=1668 Successfully proccessed driver package 'c:\temp\drivers\2012\NetKVM\2k12\amd64\netkvm.inf'. - CDriverPackage::InstallEx
2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager: PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. c:\temp\drivers\2012\vioscsi\2k12\amd64\vioscsi.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager: PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. c:\temp\drivers\2012\vioserial\2k12\amd64\vioser.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager: PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64 images. Use /forceunsigned switch to override. c:\temp\drivers\2012\viostor\2k12\amd64\viostor.inf - CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
Comment 2 Mike Cao 2013-09-28 22:41:08 EDT
(In reply to Shawn Duex from comment #0)
> Description of problem: Using Windows Server 2012. I am getting a not
> digitally signed error on all drivers except NetKVM.
> 
> 
> Version-Release number of selected component (if applicable):
> VirtIO 1.6.5-6
> 
> How reproducible:
> 100%
> 
> 
> Steps to Reproduce:
> 1.Run Microsoft DISM tool to add Virt IO drivers to install media
> 
> C:\Users\Administrator>dism /image:C:\temp\mount /add-driver
> /driver:c:\temp\dri
> vers\ /recurse
> 
> Deployment Image Servicing and Management tool
> Version: 6.1.7600.16385
> 
> Image Version: 6.2.9200.16384
> 
> Searching for driver packages to install...
> Found 5 driver package(s) to install.
> Installing 1 of 5 - c:\temp\drivers\2012\Balloon\2k12\amd64\balloon.inf:
> Error -
>  The driver package contains x64 boot-critical drivers, but the drivers are
> not
> properly signed.
> Use the /forceunsigned option to install the drivers.
> Installing 2 of 5 - c:\temp\drivers\2012\NetKVM\2k12\amd64\netkvm.inf: The
> drive
> r package was successfully installed.
> Installing 3 of 5 - c:\temp\drivers\2012\vioscsi\2k12\amd64\vioscsi.inf:
> Error -
>  The driver package contains x64 boot-critical drivers, but the drivers are
> not
> properly signed.
> Use the /forceunsigned option to install the drivers.
> Installing 4 of 5 - c:\temp\drivers\2012\vioserial\2k12\amd64\vioser.inf:
> Error
> - The driver package contains x64 boot-critical drivers, but the drivers are
> not
>  properly signed.
> Use the /forceunsigned option to install the drivers.
> Installing 5 of 5 - c:\temp\drivers\2012\viostor\2k12\amd64\viostor.inf:
> Error -
>  The driver package contains x64 boot-critical drivers, but the drivers are
> not
> properly signed.
> Use the /forceunsigned option to install the drivers.
> 
> Error: 50
> 
> The command completed with errors. For more information, refer to the log
> file.
> 
> The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
> 
> Actual results:
> Drivers do not get installed unless /forceunsigned flag is passed
> 
> Expected results:
> Drivers are installed without error
> 
> Additional info:
> DISM.log entries:
> 
> 2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager:
> PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64
> images. Use /forceunsigned switch to override.
> c:\temp\drivers\2012\Balloon\2k12\amd64\balloon.inf -
> CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
> 2013-09-27 09:52:29, Info                  DISM   DISM Driver Manager:
> PID=2988 TID=1668 Successfully proccessed driver package
> 'c:\temp\drivers\2012\NetKVM\2k12\amd64\netkvm.inf'. -
> CDriverPackage::InstallEx
> 2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager:
> PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64
> images. Use /forceunsigned switch to override.
> c:\temp\drivers\2012\vioscsi\2k12\amd64\vioscsi.inf -
> CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
> 2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager:
> PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64
> images. Use /forceunsigned switch to override.
> c:\temp\drivers\2012\vioserial\2k12\amd64\vioser.inf -
> CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)
> 2013-09-27 09:52:29, Error                 DISM   DISM Driver Manager:
> PID=2988 TID=1668 Cannot install non-signed boot-critical drivers on amd64
> images. Use /forceunsigned switch to override.
> c:\temp\drivers\2012\viostor\2k12\amd64\viostor.inf -
> CDriverManager::CheckClientAddDriverScenarios(hr:0x80070032)

That's strange ,All drivers has passed whql certification before we push it to the public , I will check this issue later .
BTW,Can you paste the output of # SignTool.exe verify /v /kp /c <driver>.cat <driver>.sys  ?
Comment 3 Vadim Rozenfeld 2013-09-29 04:04:07 EDT
Mike is absolutely right.
Shawn, where did you get all these drivers from?
Did you build the drivers by yourself?

Thanks,
Vadim.
Comment 4 Shawn Duex 2013-09-30 17:14:10 EDT
Hello guys,

The drivers I am using came from this RPM virtio-win-1.6.5-6.el6_4.noarch.rpm. The RPM includes a ISO with the windows drivers virtio-win-1.6.5.iso. I extracted this iso and am trying to use the drivers included. Please find the output of the SignTool command line request.

C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64>dir
 Volume in drive C has no label.
 Volume Serial Number is EC4F-88D7

 Directory of C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64

09/30/2013  02:01 PM    <DIR>          .
09/30/2013  02:01 PM    <DIR>          ..
06/28/2013  01:44 AM            11,352 balloon.cat
06/28/2013  01:44 AM             3,060 balloon.inf
06/28/2013  01:44 AM           863,232 balloon.pdb
06/28/2013  01:44 AM            36,552 balloon.sys
06/28/2013  01:44 AM            27,432 blnsvr.exe
06/28/2013  01:44 AM           822,272 blnsvr.pdb
07/14/2009  10:10 PM           237,376 signtool.exe
06/28/2013  01:44 AM         1,795,952 WdfCoInstaller01011.dll
               8 File(s)      3,797,228 bytes
               2 Dir(s)   6,785,417,216 bytes free

C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64>signtool.exe verify /v /kp /c balloon.cat balloon.sys

Verifying: balloon.sys
SignTool Error: File not found in the specified catalog.
SignTool Error: File not valid: balloon.sys

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1

C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64>

Removing the flag for the catalog file.
C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64>signtool.exe verify /v /kp balloon.cat balloon.sys

Verifying: balloon.cat
Hash of file (sha256): A6A9172BBD224B36757E62E7827647840A8AA13ED7AE5DFE158CC57F7202E000

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Sun Apr 18 16:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Wed Sep 18 15:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Mon Jan 21 13:26:45 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Tue Jul 01 14:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Tue Apr 09 14:45:34 2013
            SHA1 hash: 75C4C17C025218C637BCB9BB85D16CB07145211A

SignTool Error: Signing Cert does not chain to a Microsoft Root Cert.

Verifying: balloon.sys
Hash of file (sha1): CC6196AE4446E33849C1D1B5FAA066E5B3EBAE53

Signing Certificate Chain:
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
    Expires:   Wed Jul 16 16:59:59 2036
    SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

        Issued to: VeriSign Class 3 Code Signing 2010 CA
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Fri Feb 07 16:59:59 2020
        SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2010 CA
            Expires:   Sat Nov 28 16:59:59 2015
            SHA1 hash: 1B4E5E00774E3E6B6D4C58A63FFB54E0771F5C25

The signature is timestamped: Wed Jan 16 04:14:20 2013
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 16:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: Symantec Time Stamping Services CA - G2
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 30 16:59:59 2020
        SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

            Issued to: Symantec Time Stamping Services Signer - G4
            Issued by: Symantec Time Stamping Services CA - G2
            Expires:   Tue Dec 29 16:59:59 2020
            SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 06:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Feb 22 12:35:17 2021
        SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Fri Feb 07 16:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Sat Nov 28 16:59:59 2015
                SHA1 hash: 1B4E5E00774E3E6B6D4C58A63FFB54E0771F5C25

Successfully verified: balloon.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 1

C:\share\3M\VirtIO-Win-1.6.5-6\2012\Balloon\2k12\amd64>

C:\share\3M\VirtIO-Win-1.6.5-6\2012\vioscsi\2k12\amd64>signtool.exe verify /v /kp vioscsi.cat vioscsi.sys

Verifying: vioscsi.cat
Hash of file (sha256): 77A7F23C6D4BD1CEC8746B117A21055C9CC983C500701D9713E5D128914604C1

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Sun Apr 18 16:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Wed Sep 18 15:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Mon Jan 21 12:26:37 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Tue Jul 01 14:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Mon May 20 15:39:22 2013
            SHA1 hash: 125DAF5264765D160F6BE16480AAEF9AF9BE0BDC

SignTool Error: Signing Cert does not chain to a Microsoft Root Cert.

Verifying: vioscsi.sys
Hash of file (sha1): 2224DB65A4EAFE15E4213BFAF8EB57AEFA7B0972

Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   Wed Aug 02 16:59:59 2028
    SHA1 hash: A1DB6393916F17E4185509400415C70240B0AE6B

        Issued to: VeriSign Class 3 Code Signing 2009-2 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   Mon May 20 16:59:59 2019
        SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2009-2 CA
            Expires:   Wed Mar 27 16:59:59 2013
            SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

The signature is timestamped: Thu Nov 29 04:41:11 2012
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 16:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   Tue Dec 03 16:59:59 2013
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: Symantec Time Stamping Services Signer - G3
            Issued by: VeriSign Time Stamping Services CA
            Expires:   Mon Dec 31 16:59:59 2012
            SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 06:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: Class 3 Public Primary Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Mon May 23 10:11:29 2016
        SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

            Issued to: VeriSign Class 3 Code Signing 2009-2 CA
            Issued by: Class 3 Public Primary Certification Authority
            Expires:   Mon May 20 16:59:59 2019
            SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2009-2 CA
                Expires:   Wed Mar 27 16:59:59 2013
                SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

Successfully verified: vioscsi.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 1

C:\share\3M\VirtIO-Win-1.6.5-6\2012\vioscsi\2k12\amd64>

C:\share\3M\VirtIO-Win-1.6.5-6\2012\vioserial\2k12\amd64>signtool.exe verify /v /kp vioser.cat vioser.sys

Verifying: vioser.cat
Hash of file (sha256): 2CD7587532EA40FEFBD30A1EDEE1569114716282550D5EE9792A5BBD08ED3A6E

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Sun Apr 18 16:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Wed Sep 18 15:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Mon Jun 24 09:47:09 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Tue Jul 01 14:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Fri Jun 27 13:13:15 2014
            SHA1 hash: 174A03DAC10EA3F9367819E6F8453606580326BC

SignTool Error: Signing Cert does not chain to a Microsoft Root Cert.

Verifying: vioser.sys
Hash of file (sha1): 2A03619A1E64104E919861C965CD4A01CBB7D40D

Signing Certificate Chain:
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
    Expires:   Wed Jul 16 16:59:59 2036
    SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

        Issued to: VeriSign Class 3 Code Signing 2010 CA
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Fri Feb 07 16:59:59 2020
        SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2010 CA
            Expires:   Sat Nov 28 16:59:59 2015
            SHA1 hash: 1B4E5E00774E3E6B6D4C58A63FFB54E0771F5C25

The signature is timestamped: Mon Jun 03 02:44:13 2013
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 16:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: Symantec Time Stamping Services CA - G2
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 30 16:59:59 2020
        SHA1 hash: 6C07453FFDDA08B83707C09B82FB3D15F35336B1

            Issued to: Symantec Time Stamping Services Signer - G4
            Issued by: Symantec Time Stamping Services CA - G2
            Expires:   Tue Dec 29 16:59:59 2020
            SHA1 hash: 65439929B67973EB192D6FF243E6767ADF0834E4

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 06:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
        Issued by: Microsoft Code Verification Root
        Expires:   Mon Feb 22 12:35:17 2021
        SHA1 hash: 57534CCC33914C41F70E2CBB2103A1DB18817D8B

            Issued to: VeriSign Class 3 Code Signing 2010 CA
            Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
            Expires:   Fri Feb 07 16:59:59 2020
            SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2010 CA
                Expires:   Sat Nov 28 16:59:59 2015
                SHA1 hash: 1B4E5E00774E3E6B6D4C58A63FFB54E0771F5C25

Successfully verified: vioser.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 1

C:\share\3M\VirtIO-Win-1.6.5-6\2012\vioserial\2k12\amd64>

C:\share\3M\VirtIO-Win-1.6.5-6\2012\viostor\2k12\amd64>signtool.exe verify /v /kp viostor.cat viostor.sys

Verifying: viostor.cat
Hash of file (sha256): 848FFAB3E9534EA7C08C4D61570C875998976ABB29F5D401A974642FB7544125

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Sun Apr 18 16:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Wed Sep 18 15:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Mon Jan 21 11:56:38 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sat Jun 23 15:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Tue Jul 01 14:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Tue Apr 09 14:45:37 2013
            SHA1 hash: C9231E0C550F956D32EADD6E731A173831F345FF

SignTool Error: Signing Cert does not chain to a Microsoft Root Cert.

Verifying: viostor.sys
Hash of file (sha1): AA120DDBAFAD96A18AD0A134B01FA465FF5273F9

Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   Wed Aug 02 16:59:59 2028
    SHA1 hash: A1DB6393916F17E4185509400415C70240B0AE6B

        Issued to: VeriSign Class 3 Code Signing 2009-2 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   Mon May 20 16:59:59 2019
        SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2009-2 CA
            Expires:   Wed Mar 27 16:59:59 2013
            SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

The signature is timestamped: Thu Nov 29 04:41:14 2012
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Thu Dec 31 16:59:59 2020
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   Tue Dec 03 16:59:59 2013
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: Symantec Time Stamping Services Signer - G3
            Issued by: VeriSign Time Stamping Services CA
            Expires:   Mon Dec 31 16:59:59 2012
            SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 06:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: Class 3 Public Primary Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Mon May 23 10:11:29 2016
        SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

            Issued to: VeriSign Class 3 Code Signing 2009-2 CA
            Issued by: Class 3 Public Primary Certification Authority
            Expires:   Mon May 20 16:59:59 2019
            SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2009-2 CA
                Expires:   Wed Mar 27 16:59:59 2013
                SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

Successfully verified: viostor.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 1

C:\share\3M\VirtIO-Win-1.6.5-6\2012\viostor\2k12\amd64>

So looking at this output I think the issue is with all the .cat files not having the cert chain to microsoft root cert.

Please let me know if you need any additional information.
Comment 5 Mike Cao 2013-10-01 06:28:55 EDT
(In reply to Shawn Duex from comment #4)
> Hello guys,
> 
> 
> So looking at this output I think the issue is with all the .cat files not
> having the cert chain to microsoft root cert.
> 
> Please let me know if you need any additional information.

Thanks for your feedback ,I will try to reproduce it
Comment 6 Vadim Rozenfeld 2013-10-01 07:13:56 EDT
Hi Shawn,
you must be using wrong toolchain.

Win8/Win2012 serial, balloon, block and scsi driver were signed with signtool
from Win8 WDK. You should use signtool from Win8 WDK if you want to verify the signature.

It is what you see when checking with signtool from WDK7.1

Verifying: viostor.cat
Hash of file (sha256): 848FFAB3E9534EA7C08C4D61570C875998976ABB29F5D401A974642FB7544125

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sun Jun 24 08:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Mon Apr 19 09:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Thu Sep 19 08:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Tue Jan 22 04:56:38 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sun Jun 24 08:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Wed Jul 02 07:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Wed Apr 10 07:45:37 2013
            SHA1 hash: C9231E0C550F956D32EADD6E731A173831F345FF


Verifying: viostor.sys
Hash of file (sha1): AA120DDBAFAD96A18AD0A134B01FA465FF5273F9

Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   Wed Aug 02 09:59:59 2028
    SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2

        Issued to: VeriSign Class 3 Code Signing 2009-2 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   Tue May 21 09:59:59 2019
        SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2009-2 CA
            Expires:   Thu Mar 28 09:59:59 2013
            SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

The signature is timestamped: Thu Nov 29 21:41:14 2012
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Fri Jan 01 09:59:59 2021
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 04 09:59:59 2013
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: Symantec Time Stamping Services Signer - G3
            Issued by: VeriSign Time Stamping Services CA
            Expires:   Tue Jan 01 09:59:59 2013
            SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 23:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: Class 3 Public Primary Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Tue May 24 03:11:29 2016
        SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

            Issued to: VeriSign Class 3 Code Signing 2009-2 CA
            Issued by: Class 3 Public Primary Certification Authority
            Expires:   Tue May 21 09:59:59 2019
            SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2009-2 CA
                Expires:   Thu Mar 28 09:59:59 2013
                SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

Successfully verified: viostor.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 1



But it is what you should see when using the right signtool from WDK8

Verifying: viostor.cat
Signature Index: 0 (Primary Signature)
Hash of file (sha256): 848FFAB3E9534EA7C08C4D61570C875998976ABB29F5D401A974642FB7544125

Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sun Jun 24 08:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Mon Apr 19 09:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Thu Sep 19 08:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E

The signature is timestamped: Tue Jan 22 04:56:38 2013
Timestamp Verified by:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sun Jun 24 08:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Time-Stamp PCA 2010
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Wed Jul 02 07:46:55 2025
        SHA1 hash: 2AA752FE64C49ABE82913C463529CF10FF2F04EE

            Issued to: Microsoft Time-Stamp Service
            Issued by: Microsoft Time-Stamp PCA 2010
            Expires:   Wed Apr 10 07:45:37 2013
            SHA1 hash: C9231E0C550F956D32EADD6E731A173831F345FF

Cross Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010
    Expires:   Sun Jun 24 08:04:01 2035
    SHA1 hash: 3B1EFD3A66EA28B16697394703A72CA340A05BD5

        Issued to: Microsoft Windows Third Party Component CA 2012
        Issued by: Microsoft Root Certificate Authority 2010
        Expires:   Mon Apr 19 09:58:38 2027
        SHA1 hash: 77A10EBF07542725218CD83A01B521C57BC67F73

            Issued to: Microsoft Windows Hardware Compatibility Publisher
            Issued by: Microsoft Windows Third Party Component CA 2012
            Expires:   Thu Sep 19 08:58:07 2013
            SHA1 hash: 3E9C8940ADB3ED3950F378D6052BBC5BFE81205E


Successfully verified: viostor.cat

Verifying: viostor.sys
Signature Index: 0 (Primary Signature)
Hash of file (sha1): AA120DDBAFAD96A18AD0A134B01FA465FF5273F9

Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   Wed Aug 02 09:59:59 2028
    SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2

        Issued to: VeriSign Class 3 Code Signing 2009-2 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   Tue May 21 09:59:59 2019
        SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

            Issued to: Red Hat, Inc.
            Issued by: VeriSign Class 3 Code Signing 2009-2 CA
            Expires:   Thu Mar 28 09:59:59 2013
            SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6

The signature is timestamped: Thu Nov 29 21:41:14 2012
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   Fri Jan 01 09:59:59 2021
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   Wed Dec 04 09:59:59 2013
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: Symantec Time Stamping Services Signer - G3
            Issued by: VeriSign Time Stamping Services CA
            Expires:   Tue Jan 01 09:59:59 2013
            SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021

Cross Certificate Chain:
    Issued to: Microsoft Code Verification Root
    Issued by: Microsoft Code Verification Root
    Expires:   Sat Nov 01 23:54:03 2025
    SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3

        Issued to: Class 3 Public Primary Certification Authority
        Issued by: Microsoft Code Verification Root
        Expires:   Tue May 24 03:11:29 2016
        SHA1 hash: 58455389CF1D0CD6A08E3CE216F65ADFF7A86408

            Issued to: VeriSign Class 3 Code Signing 2009-2 CA
            Issued by: Class 3 Public Primary Certification Authority
            Expires:   Tue May 21 09:59:59 2019
            SHA1 hash: 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3

                Issued to: Red Hat, Inc.
                Issued by: VeriSign Class 3 Code Signing 2009-2 CA
                Expires:   Thu Mar 28 09:59:59 2013
                SHA1 hash: 0ECAAC1E5E354447B4982E509F11D12DB28371A6


Successfully verified: viostor.sys

Number of files successfully Verified: 2
Number of warnings: 0
Number of errors: 0


Best regards,
Vadim.
Comment 7 Mike Cao 2013-10-08 01:18:15 EDT
(In reply to Mike Cao from comment #5)
> (In reply to Shawn Duex from comment #4)
> > Hello guys,
> > 
> > 
> > So looking at this output I think the issue is with all the .cat files not
> > having the cert chain to microsoft root cert.
> > 
> > Please let me know if you need any additional information.
> 
> Thanks for your feedback ,I will try to reproduce it

I can not reproduce your issue .Seems Vadim is right .

in your output ,it shows :
Signing Certificate Chain:
    Issued to: Microsoft Root Certificate Authority 2010
    Issued by: Microsoft Root Certificate Authority 2010

While during my testing ,it shows :
Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority

Could you help to check it ?
Comment 8 Shawn Duex 2013-10-08 13:36:22 EDT
Hello,

I did verify the drivers using signtool from the Windows 8.0 SDK and have the same results as you guys the drivers look OK. However, per my initial issue filed, the drivers are still causing an error when trying to add them to add them off-line to the Windows Server 2012 install media via the DISM.exe tool. Please see this support page on the tool - http://technet.microsoft.com/en-us/library/hh825070.aspx

When adding the drivers I am still getting errors on all drivers other than the NIC driver. Please see the output below:

C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools>dism /image:C:\temp\mount /add-driver /driver:c:\temp\drivers\ /recurse

Deployment Image Servicing and Management tool
Version: 6.2.9200.16384

Image Version: 6.2.9200.16384

Searching for driver packages to install...
Found 5 driver package(s) to install.
Installing 1 of 5 - c:\temp\drivers\Balloon\2k12\amd64\balloon.inf: Error - The driver package contains x64 boot-critical drivers, but the drivers are not properly signed.
Use the /forceunsigned option to install the drivers.
Installing 2 of 5 - c:\temp\drivers\NetKVM\2k12\amd64\netkvm.inf: The driver package was successfully installed.
Installing 3 of 5 - c:\temp\drivers\vioscsi\2k12\amd64\vioscsi.inf: Error - The driver package contains x64 boot-critical drivers, but the drivers are not properly signed.
Use the /forceunsigned option to install the drivers.
Installing 4 of 5 - c:\temp\drivers\vioserial\2k12\amd64\vioser.inf: Error - The driver package contains x64 boot-critical drivers, but the drivers are not properly signed.
Use the /forceunsigned option to install the drivers.
Installing 5 of 5 - c:\temp\drivers\viostor\2k12\amd64\viostor.inf: Error - The driver package contains x64 boot-critical drivers, but the drivers are not properly signed.
Use the /forceunsigned option to install the drivers.

Error: 50

The command completed with errors. For more information, refer to the log file.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools>

As you can see I am using the DISM tool from the Windows 8 ADK. I saw the same issue when using the 8.1 ADK - http://technet.microsoft.com/en-us/library/hh824947.aspx. It looks like the digital signature check being done by DISM during driver-add is not passing.
Comment 9 Shawn Duex 2013-10-08 18:01:28 EDT
reading this more closely - http://technet.microsoft.com/en-us/library/hh825070.aspx I see what the issue is. "To add drivers to a Windows® 8 image offline, you must use a technician computer running Windows 8, Windows Server® 2012, or Windows® Preinstallation Environment (Windows PE) 4.0. Driver signature verification may fail when you add a driver to a Windows 8 image offline from a technician computer running any other operating system." I am running these tools on Windows 7. Sorry for wasting everyones time.
Comment 10 Shawn Duex 2013-10-08 18:40:19 EDT
output using Windows Server 2012:

C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment
 Tools>dism /image:C:\temp\mount /add-driver /driver:c:\temp\drivers\ /recurse

Deployment Image Servicing and Management tool
Version: 6.3.9600.16384

Image Version: 6.2.9200.16384

Searching for driver packages to install...
Found 5 driver package(s) to install.
Installing 1 of 5 - c:\temp\drivers\Balloon\2k12\amd64\balloon.inf: The driver package was successfully installed.
Installing 2 of 5 - c:\temp\drivers\NetKVM\2k12\amd64\netkvm.inf: The driver package was successfully installed.
Installing 3 of 5 - c:\temp\drivers\vioscsi\2k12\amd64\vioscsi.inf: The driver package was successfully installed.
Installing 4 of 5 - c:\temp\drivers\vioserial\2k12\amd64\vioser.inf: The driver package was successfully installed.
Installing 5 of 5 - c:\temp\drivers\viostor\2k12\amd64\viostor.inf: The driver package was successfully installed.
The operation completed successfully.

C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools>

Please close this bug.
Comment 11 Mike Cao 2013-10-08 22:43:30 EDT
(In reply to Shawn Duex from comment #10)
> output using Windows Server 2012:
> 
> C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment
> Kit\Deployment
>  Tools>dism /image:C:\temp\mount /add-driver /driver:c:\temp\drivers\
> /recurse
> 
> 

Hi, Shawn

Could you attach the layout under C:\temp\mount and C:\temp\Drivers ?

Thanks,
Mike
Comment 12 Shawn Duex 2013-10-09 17:39:50 EDT
Mike,

I am using Windows Server 2012 volume license media. I have copied the entire media to c:\temp\windows2012iso\ on my machine. Then using dism I am getting the wim information for c:\temp\windows2012iso\sources\boot.wim

C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools>dism /get-wiminfo /wimfile:C:\Temp\Windows2012ISO\sources\boot.wim

Deployment Image Servicing and Management tool
Version: 6.2.9200.16384

Details for image : C:\Temp\Windows2012ISO\sources\boot.wim

Index : 1
Name : Microsoft Windows PE (x64)
Description : Microsoft Windows PE (x64)
Size : 1,187,717,208 bytes

Index : 2
Name : Microsoft Windows Setup (x64)
Description : Microsoft Windows Setup (x64)
Size : 1,255,862,012 bytes

The operation completed successfully.

C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools>

I am then mounting boot.wim index 2 to c:\mount


C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools>dism /Mount-Wim /WimFile:C:\Temp\Windows2012ISO\sources\boot.wim /Index:2 /MountDir:c:\temp\mount

c:\temp\mount is unmodified until I add the drivers recursively with dism

the c:\temp\drivers folder contains the same directory structure as virtio-win-1.6.5.iso but only the 2k12 folders as they are the drivers I am after.
Comment 13 Shawn Duex 2013-10-09 17:41:31 EDT
Created attachment 810195 [details]
file layout of virtio-win-1.6.5.iso
Comment 14 Shawn Duex 2013-10-09 17:42:37 EDT
Created attachment 810196 [details]
file layout of c:\temp\drivers
Comment 15 Shawn Duex 2013-10-09 17:43:29 EDT
Mike, please see the attachments for the file layouts you requested.
Comment 16 Vadim Rozenfeld 2013-11-30 03:39:49 EST
closing the bug based on comment #c10

Note You need to log in before you can comment on or make changes to this bug.