Description of problem: Windows2008, Windows 2008R2 and Windows 7 can not install the viostor.sys driver because of an invalid signature. The signature was found to be signed ads SHA256 where in prior versions it was SHA1. Version-Release number of selected component (if applicable): virtio-win-0.1.185-2 How reproducible: 100% Steps to Reproduce: 1. Use device manager to update the viostor.sys driver to the 0.1.185-2 version. 2. You will be warned that the driver is not properly signed. 3. If you proceed and install the driver anyway the guest will fail to boot. Actual results: Guest fails to boot. Expected results: Guest should boot. Additional info: I have confirmed that the signature in the 171 and the newer 190 version are both SHA1 and these versions do allow the guest to boot.
Unfortunately, SHA-1 code signing is not provided anymore starting July 2019 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus at the same time RH has no SHA-2 to sign Win7/WS2008(R2) drivers, so we've decided to discontinue building pre-Win8 drivers, but continue shipping the "last good known" SHA-1 signed drivers in the future virtio-win packages. As you already mentioned, 185-2 has all pre-Win8 drivers signed with SHA-256 signature and should not be used for installing or updating drivers on Win7/WS2008(R2) platforms. This problem was fixed in the most recent packages as 190-1 for example (https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.190-1) where for Win7/WS2008(R2) platforms we use SHA-1 signed drivers from build 174. I suggest closing this bug as wantfix. Regards, Vadim.
Thank you for the explanation. I agree that this bug should be closed as wontfix.