Hi Klaus, thnx a lot for your advice. It worked out perfectly well.
Mikhail On Tue, Mar 21, 2017 at 9:57 PM Klaus Espenlaub <[email protected]> wrote: > Hi Mikhail, > > > On 21.03.2017 19:03, Mikhail Kovalev wrote: > > Hi, > > we are trying to make a VirtualBox build for Windows 10 anniversary > update. We did sign all the drivers (all .sys files) at the Microsoft Dev > portal and the installation goes through without a problem. > However, when trying to start a VM, we always get an error "Failed to load > VMMR0.r0" with error code "VERR_LDR_IMAGE_HASH". > > It also needs to be signed, including page hash... suspect that the > partially misleading error code is due to the lack of page hashes, but > there's more, see below. > > The "vmmr0.r0" file is signed with our SHA2 cert (as well as all the other > installation files are, except for the drivers which are dual-signed by our > cert and by the Microsoft cert from Dev portal). In the Windows audit log I > see the message that the code integrity check for "vmmr0.r0" failed. If my > understanding of the code is correct, the file is being loaded via > "ZwSetSystemInformation". > So, does it have to be signed by the Dev portal as well? > > Exactly. It goes into the kernel, so the kernel signing rules apply. We're > not drilling holes into the signature checking rules of the Windows kernel. > > But it looks like the Dev portal will only sign the ".sys" files. Could > anyone give a hint on a possible solution here? > > How about using the low tech solution of renaming the file before > submitting and renaming it back afterwards? The signature doesn't include > the filename as such, only the file content... > > Unfortunately we don't have a signing cert that was issued before July 29, > 2015, so we cannot use the same "workaround" with the old cert as the > Oracle is using now for the VirtualBox releases. > > We're happy that we could go with this intermediate step, as we already > had to do enough magic when our previous cert expired. All this dev portal > stuff is not easy in big corps. We need to do this major miracle soon > enough. > > Klaus > > Thnx for any help, > Mikhail > > _______________________________________________ > vbox-dev mailing list > [email protected] > https://www.virtualbox.org/mailman/listinfo/vbox-dev >
_______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
