|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [win-pv-devel] Windows 2008 boot problems with signed pv drivers 8.2
On 06/27/2017 12:14 PM, Paul Durrant wrote: -----Original Message----- From: win-pv-devel [mailto:win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Peter Milesson Sent: 26 June 2017 20:10 To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx Subject: [win-pv-devel] Windows 2008 boot problems with signed pv drivers 8.2 Hi folks, I had to install a DomU Windows 2008 server x64 SP2, to replace parts of the functionality of a physical server that suddenly died. I know it's old stuff, but this is needed in the meantime, until I get new servers. After installing all the Windows updates (around 230), I downloaded and installed the signed Windows PV drivers ver. 8.2, starting with xenbus, and following up with xenif, xenvbd, xenvif, and xennet. After reboot of the DomU, Windows Boot Manager window popped up after a while, saying: Windows failed to start. A recent hardware or software change blah, blah, blah... In the lower part of the screen it says: File: \Windows\system32\DRIVERS\xenbus.sys Status: 0xc0000428 Info: Windows cannot verify the digital signature for this file. Pressing Enter and booting with advanced options, I choose Disable Driver Signature Enforcement, and the OS boots normally. I've tried to use the common tricks for unsigned, or test signed drivers, but that has got no effect whatsoever. I use the same signed drivers successfully with Windows 7, and Windows 10. Anybody got an idea, how I can get it to boot without manual intervention each time?Peter, Unfortunately this is because Windows Server 2008 does not support anything other than SHA-1 code signing, and the 8.2 drivers are SHA-256 signed. (There are various web pages with information about this... https://www.globalsign.com/en/blog/microsoft-announces-updates-sha-1-code-signing-policy/ seems like a good example). To work around the problem you could try enabling test-signing... that should stop windows requiring a chain of trust for boot-start drivers without you needing to manually intervene on each boot. Cheers, Paul Thanks for your explanation Paul.I'll try to install the test signed drivers instead, and run it in test signed mode. It will bridge the gap until I get new hardware in a month. I wish you a nice day, Peter Best regards, Peter _______________________________________________ win-pv-devel mailing list win-pv-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel _______________________________________________ win-pv-devel mailing list win-pv-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |