[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [win-pv-devel] [Xen-devel] Windows PV drivers and Windows 10 / Windows Server 2016


  • To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Chris McClymont <chris@xxxxxxxxxxxx>
  • Date: Thu, 14 Dec 2017 12:59:58 +1100
  • Delivery-date: Thu, 14 Dec 2017 02:00:07 +0000
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

I've done a lot of installing of the 8.2.0 PV drivers recently on
Windows Server 2008, 2012 and 2016, without issue. I've only seen the
red untrusted warning when installing unsigned versions (either
compiled myself or the debug versions downloaded from the Xen
website).

I was curious after reading this thread if anything would be different
for Windows 10, because the Microsoft documentation certainly seems to
call out differences with Windows 10 that aren't specified for Server
2016:

From 
https://docs.microsoft.com/en-us/windows-hardware/drivers/develop/signing-a-driver-for-public-release:
"Starting in Windows 10, you also need to submit any new Windows 10
kernel mode driver for digital signing on the Windows Hardware
Developer Center Dashboard portal. Both kernel and user mode driver
submissions must have a valid Extended Validation (“EV”) Code Signing
Certificate."

I'm not sure how to tell from inspecting the files, but are they
signed through the Hardware Dashboard?

I tested the 8.2.0 release drivers with Windows 10 Home repeatedly
yesterday. Both immediately post install and after fully updating
through Windows update (version 1703, and version 1709 build
16299.125). I tried about 10 times. The drivers installed fine with no
signer warnings. 2 times in the fully updated version, the first
reboot after install would hang indefinitely with the Windows spinning
icon. A force shutdown and then boot had it working fine after that. I
couldn't figure out what this issue was for that. Most times it worked
fine.

> Re the Windows PV drivers - I've tried v8.2.0 on Windows 10, and it required
> me to put Windows into TEST MODE to still load the drivers. Bringing it out of
> test mode results in the Xen PV drivers being uninstalled.
Steven, I couldn't reproduce this problem. Can you give us the error
message or screenshot? (whatever stops you from installing the release
drivers in normal mode)
Regards,
Chris McClymont


On Wed, Dec 13, 2017 at 10:10 PM, Éliás Tamás <et@xxxxxxx> wrote:
> Hi.
>
>> While my response may be inappropriate, all
>> I can think is ffffuuuuuuuu (in teen rhetoric)! You have no idea how long 
>> I’ve been beating my head on this very issue. I have several Windows VMs and 
>> 90% of the time I am stuck rebooting and running CLI Tools that report no 
>> errors just
>
> I absolutely share your feelings, welcome in the club! :(
>
>
> to get it to come up again, right after Windows updates run. I have had
> several BSODs that that blame it on the Xen drivers. The amount of time
> wasted has been depressing at best. I’ve never found a solution other
> than pointless actions which work but have no rationale as to why they
> work.
>>
>> I know Steven well enough that if he can’t figure it out, there’s something 
>> to be concerned with.
>>
>> I’ll gladly share what I can on this thread.
>>
>>
>> Thanks,
>> Steffan Cline
>> steffan@xxxxxxxxx
>> 602-793-0014
>>
>>> On Dec 12, 2017, at 11:06 PM, Steven Haigh <netwiz@xxxxxxxxx> wrote:
>>>
>>> On Wednesday, 13 December 2017 2:20:54 AM AEDT Paul Durrant wrote:
>>>>> -----Original Message-----
>>>>> From: Steven Haigh [mailto:netwiz@xxxxxxxxx]
>>>>> Sent: 12 December 2017 15:12
>>>>> To: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
>>>>> Cc: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
>>>>> Subject: Re: [Xen-devel] Windows PV drivers and Windows 10 / Windows
>>>>> Server 2016
>>>>>
>>>>>> On Wednesday, 13 December 2017 2:05:43 AM AEDT Paul Durrant wrote:
>>>>>>
>>>>>> Moving xen-devel to bcc and addressing win-pv-devel list...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Xen-devel [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On
>>>>>
>>>>> Behalf
>>>>>
>>>>>>> Of Steven Haigh
>>>>>>> Sent: 12 December 2017 11:33
>>>>>>> To: xen-devel@xxxxxxxxxxxxx
>>>>>>> Subject: [Xen-devel] Windows PV drivers and Windows 10 / Windows
>>>>>
>>>>> Server
>>>>>
>>>>>>> 2016
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Re the Windows PV drivers - I've tried v8.2.0 on Windows 10, and it
>>>>>>> required
>>>>>
>>>>> me to put Windows into TEST MODE to still load the drivers.
>>>>>
>>>>>>> Bringing it out of test mode results in the Xen PV drivers being
>>>>>>> uninstalled.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I now have to create a Windows Server 2016 DomU and I'm wondering if
>>>>>>> there is
>>>>>>> any way without living in TEST MODE for the rest of its life to
>>>>>>> install
>>>>>>> the PV
>>>>>
>>>>> drivers?
>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> That is strange. The 8.2.0 drivers are release signed with an EV token
>>>>>> that
>>> should mean they deploy on Windows 10 without the need for
>>>>>> testsigning mode. It's possible Microsoft have changed something in
>>>>>> recent Windows 10... which version of Windows 10 are you using? (Also I
>>>>>> assume you downloaded drivers from
>>>>>> https://xenbits.xen.org/pvdrivers/win/8.2.0/). I just double checked
>>>>>> xenbus.sys and xenbus.cat and they are certainly both signed with the
>>>>>> correct certificate (Linux Foundation SHA256) and properly
>>>>>> time-stamped. Could you verify those files in your copy of the tarball?>
>>>>>
>>>>> Thanks Paul,
>>>>>
>>>>> I did actually just try installing the drivers on Windows Server 2016 -
>>>>> and
>>> was surprised that they installed without an issue.
>>>>>
>>>>> I did get the 8.2.0 drivers when we were trying Windows 10 - however work
>>>>> has
>>>>> requested I replace the Win10 VM with WS2016....
>>>>>
>>>>
>>>>
>>>> Did you somehow manage to get a copy of the drivers before they were 
>>>> release
>>>> signed? The tarballs *should* be dated 28th Feb 2017.
>>>
>>>>
>>>>> The install was from an ISO "Win10_1703_English_x64.iso" - and then
>>>>> upgraded
>>>>> to the latest release via Windows Update.
>>>>>
>>>>
>>>>
>>>> Ok. I've certainly let VMs go through that cycle and have not seen a
>>>> problem.
>>>
>>>>
>>>>> I turned on TEST SIGNING mode, rebooted Windows, installed the 8.2.0
>>>>> drivers,
>>>>> turned off TEST SIGNING mode and rebooted. Windows 10 then said it was
>>>>> recovering from a problem and once it was completed, the PV drivers were
>>>>> nowhere to be found.
>>>>>
>>>>
>>>>
>>>> Maybe Windows cleans up any driver installed whilst testsigning was on, 
>>>> even
>>>> if the driver was signed? Anyway, if the drivers are properly signed then
>>>> they should install cleanly without using testsigning mode. If you get some
>>>> sort of warning at that stage then the log in setupapi.dev.log (in
>>>> c:\windows\inf) can sometimes be enlightening as to the reason.
>>>
>>> At this point in time, I'm almost willing to put it down to Windows 10 being
>>> Windows.
>>>
>>> As I mentioned, things worked perfectly on Windows Server 2016 - no 
>>> untrusted
>>> driver installation prompts or other issues. I did get the red UNTRUSTED
>>> DRIVER bit on Windows 10 - and install failed the first time around until in
>>> the test signing mode. Maybe a certain update level needs to be reached 
>>> before
>>> it likes the PV signed drivers?
>>>
>>> Now Windows Server 2016 is stuck at installing a Windows Defender update -
>>> which I think is also just Windows being Windows :\
>>>
>>> --
>>> Steven Haigh
>>>
>>> 📧 netwiz@xxxxxxxxx       💻 http://www.crc.id.au
>>> 📞 +61 (3) 9001 6090    📱 0412 935 897
>>> _______________________________________________
>>> win-pv-devel mailing list
>>> win-pv-devel@xxxxxxxxxxxxxxxxxxxx
>>> https://lists.xenproject.org/mailman/listinfo/win-pv-devel
>>
>>
>> _______________________________________________
>> win-pv-devel mailing list
>> win-pv-devel@xxxxxxxxxxxxxxxxxxxx
>> https://lists.xenproject.org/mailman/listinfo/win-pv-devel
>>
>
> --
>
>
> Éliás Tamás
> Thomas Elias
>
> ETIT[nwpro] KFT, Ügyvezető-Hálózatbiztonsági specialista
> ETIT[nwpro] Ltd, General Manager-Network security specialist
>
> Tel. HU: +36/30-497-1626
> Tel. DE: +49/160-651-8723
> OpenPGP pubkey: http://etit.hu/doc/et-pub.asc
>
> Okleveles mérnök-informatikus (MSC)
> Master of Science in Information Technology (MSC)
> Licenced Penetration Tester (TM15-047)
>
> Kapcsolat: http://etit.hu/index.php/hu/kapcsolat
> Jogi nyilatkozat: http://etit.hu/disclaimer-email-hu.txt
> Contact: http://etit.hu/index.php/en/contact
> Disclaimer: http://etit.hu/disclaimer-email-en.txt
>
>
> _______________________________________________
> win-pv-devel mailing list
> win-pv-devel@xxxxxxxxxxxxxxxxxxxx
> https://lists.xenproject.org/mailman/listinfo/win-pv-devel

_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/win-pv-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.