Bug 798498 - [virtio-win] NetKVM and viostor drivers are not signed properly in pre-WHQLed build
Summary: [virtio-win] NetKVM and viostor drivers are not signed properly in pre-WHQLed...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virtio-win
Version: 6.3
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Yvugenfi@redhat.com
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-29 03:42 UTC by Min Deng
Modified: 2012-03-05 14:46 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-05 14:04:59 UTC
Target Upstream Version:


Attachments (Terms of Use)
Netkvm (41.57 KB, image/png)
2012-03-05 02:37 UTC, Min Deng
no flags Details
viostor (41.24 KB, image/png)
2012-03-05 02:37 UTC, Min Deng
no flags Details
balloon (43.17 KB, image/png)
2012-03-05 02:38 UTC, Min Deng
no flags Details
serial (43.19 KB, image/png)
2012-03-05 02:38 UTC, Min Deng
no flags Details
Verification with sign tool (868.32 KB, image/png)
2012-03-05 13:59 UTC, Yvugenfi@redhat.com
no flags Details
Device manage and sigverif tool output (130.89 KB, image/png)
2012-03-05 14:01 UTC, Yvugenfi@redhat.com
no flags Details

Description Min Deng 2012-02-29 03:42:03 UTC
Description of problem:
a.File version on NetKvm's property page is a little different with others
b.The Digitally signer should be uniform for the four drivers

Version-Release number of selected component (if applicable):
virtio-win-prewhql-0.1-23

How reproducible:
Always
Steps to Reproduce:
Part one,
1.install virtio-win-prewhql-0.1-23 on windows 2k3-64 guest
2.open c:\windows\system32\drivers\netkvm.sys
3.right click on it and check the file version,
  It shows like 52.63.103.2300 but others (balloon,vioser,viostor) show as 52.63.103.2300 built by:WinDDK.

Part two,
For viostor and metkvm's Digitally Signer,they are "Not Digitally signed"
For balloon and vioser,they are "Red Hat Inc." 
 
Actual results:

Expected results:

Additional info:

Comment 2 Yvugenfi@redhat.com 2012-02-29 12:22:56 UTC
I think we should separate this report into two separate bugs:

1. Problem with digital signature during build:
All the drivers should be digitally signed during the build.
Please report on what exact guest OSes the lack of digital signature was found. This is a severe problem and should be assigned to release engineering. Drivers without signature could not be used on x64 guests starting from Vista and cannot be WHQLed certified.

2. Version text - this is a very minor issue.
Probably we should remove "built by:WinDDK" string.

Comment 3 Yvugenfi@redhat.com 2012-02-29 12:25:00 UTC
I might be a little bit confused:

When you say : "For viostor and metkvm's Digitally Signer,they are "Not Digitally signed"
For balloon and vioser,they are "Red Hat Inc." " - do you mean the whole package or the driver binary?

It could be you have a mixture of driver versions on the system - packages that were WHQLed certified and new build that still wasn't certified and thus is signed with Red HAt signature only.

Comment 4 Min Deng 2012-03-01 04:08:24 UTC
(In reply to comment #3)
> I might be a little bit confused:
> 
> When you say : "For viostor and metkvm's Digitally Signer,they are "Not
> Digitally signed"
> For balloon and vioser,they are "Red Hat Inc." " - do you mean the whole
> package or the driver binary?
> 
> It could be you have a mixture of driver versions on the system - packages that
> were WHQLed certified and new build that still wasn't certified and thus is
> signed with Red HAt signature only.
  
  Yes,I know it.
  Now,they aren't certified from MS but just like what you have said,they should be signed with 'Red Hat' signature only.the netkvm and viostor 's Digitally Signer are written as "Not Digitally signed" from Device Manager.
  I just think we had better let the driver's info preserve uniformity before they get the official signature.

  Thanks
  Min

Comment 5 Yvugenfi@redhat.com 2012-03-04 09:03:53 UTC
Could you please post screen shoots?

Comment 6 Min Deng 2012-03-05 02:36:32 UTC
(In reply to comment #5)
> Could you please post screen shoots?
Uploaded 4 screen shots for the netkvm,viostor,balloon and serial,a contrast is difference between netkvm/visotor and balloon/serial,which is clear when you compare them.Any issues please let me know,thank you.

Thanks
Min

Comment 7 Min Deng 2012-03-05 02:37:07 UTC
Created attachment 567448 [details]
Netkvm

Comment 8 Min Deng 2012-03-05 02:37:39 UTC
Created attachment 567449 [details]
viostor

Comment 9 Min Deng 2012-03-05 02:38:00 UTC
Created attachment 567450 [details]
balloon

Comment 10 Min Deng 2012-03-05 02:38:28 UTC
Created attachment 567451 [details]
serial

Comment 11 Yvugenfi@redhat.com 2012-03-05 13:59:45 UTC
Created attachment 567623 [details]
Verification with sign tool

Comment 12 Yvugenfi@redhat.com 2012-03-05 14:01:27 UTC
Created attachment 567624 [details]
Device manage and sigverif tool output

Comment 13 Yvugenfi@redhat.com 2012-03-05 14:04:59 UTC
1. I will move the bug to won't fix 
2. At first i had the suspicion that we might have a problem with embedded signature of our drivers
3. I tested the packages with signtool and system with installed drivers with sigverif.exe tool. Both of them are not complaining. 
4. I also manually examined catalog file.
5. As this is for Wind2003 and also this is not the signature that we distribute to customer (customers get WHQL certified and signed drivers) - i am closing the bug as it is seams worthless to invest time in understanding old Windows OS behavior.

See attached files for verification output.


Note You need to log in before you can comment on or make changes to this bug.