Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2059448

Summary:	[virtio-win-prewhql] Lack of redhat signature on virtio-win-prewhql-216 drivers
Product:	Red Hat Enterprise Linux 9	Reporter:	xiagao
Component:	virtio-win	Assignee:	Vadim Rozenfeld <vrozenfe>
virtio-win sub component:	virtio-win-prewhql	QA Contact:	xiagao
Status:	CLOSED CURRENTRELEASE	Docs Contact:
Severity:	high
Priority:	medium	CC:	coli, demeng, jinzhao, juzhang, lijin, mdean, phou, qizhu, vrozenfe
Version:	9.0	Keywords:	Triaged
Target Milestone:	rc	Flags:	pm-rhel: mirror+
Target Release:	---
Hardware:	x86_64
OS:	Windows
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-08-08 06:37:21 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description xiagao 2022-03-01 03:46:09 UTC

Description of problem:
For virtio-win-prewhql-216,all drivers have no redhat signature and certificate,therefore we can't install os on viostor/vioscsi device.
Although we have some workaround to make it running,such as enable test-signing or install os on an ide disk, but it will take more effort on automation update and totally can't test signature related test cases.

Version-Release number of selected component (if applicable):
qemu-kvm-6.2.0-9.el9.x86_64
kernel-5.14.0-56.el9.x86_64
virtio-win-prewhql-216

How reproducible:
100%

Steps to Reproduce:
1.Can't install 216 drivers unless enable test-signing.
2.For unattended install,also need to enable test-signing, but we still have some problems for win11 guest.
3.

Actual results:

Expected results:
Have signature and certificate on prewhql drivers

Comment 1 Peixiu Hou 2022-03-01 08:11:00 UTC

Also with this bug to check all driver's signtool check job failed issue.

Comment 2 Peixiu Hou 2022-04-29 08:08:08 UTC

Hi Vadim,

For vioscsi whql test with virtio-win-prewhql-218, the job "DF-Embedded Signature Verification Test" failed as "The Driver C:\Windows\System32\drivers\vioscsi.sys is not a signed driver".

Since the vioscsi is a boot start type driver, so this job will check the signature.
For some not boot start type driver, this job can be passed, log like "Test is not applicable. The Driver virtiofsdrv is a non boot start type driver"

Do we need to file a separate bug for this? 

Thanks~
Peixiu

Comment 3 Vadim Rozenfeld 2022-05-02 07:53:23 UTC

(In reply to Peixiu Hou from comment #2)
> Hi Vadim,
> 
> For vioscsi whql test with virtio-win-prewhql-218, the job "DF-Embedded
> Signature Verification Test" failed as "The Driver
> C:\Windows\System32\drivers\vioscsi.sys is not a signed driver".
> 
> Since the vioscsi is a boot start type driver, so this job will check the
> signature.
> For some not boot start type driver, this job can be passed, log like "Test
> is not applicable. The Driver virtiofsdrv is a non boot start type driver"
> 
> Do we need to file a separate bug for this? 
> 
> Thanks~
> Peixiu

Hi Peixiu,
Yes, please file a ne bug for this issue.
Btw, did you try to install the test certificate on the testing system
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/installing-test-certificates ?

You are right, viofs.sys druver  is not a boot start driver. It should be started on demand
as declared in viofs.inf file:
StartType      = 3               ; SERVICE_DEMAND_START

Best,
Vadim.

Comment 4 Peixiu Hou 2022-05-16 22:15:50 UTC

There are 2 auto jobs failed as this bug when do virtio-scsi function test:

Hit on all windows guests

Job name:
073-Host_RHEL.m9.u0.qcow2.virtio_scsi.up.virtio_net.Guest.Win8.i386.1.io-github-autotest-qemu.win_virtio_driver_update_test.with_vioscsi.during_bg_test.uninstall_install.q35

076-Host_RHEL.m9.u0.qcow2.virtio_scsi.up.virtio_net.Guest.Win8.i386.1.io-github-autotest-qemu.win_sigverif.with_vioscsi.q35

Used versions:
kernel-5.14.0-70.13.1.el9_0.x86_64
qemu-kvm-6.2.0-11.el9_0.2.x86_64
seabios-bin-1.15.0-1.el9.noarch
virtio-win-prewhql-0.1-218.iso

Thanks~
Peixiu

Comment 5 xiagao 2022-06-09 01:08:58 UTC

Vadim, could you help set DTM for this bug.Thanks a lot.