Bug 190131 - VirtIO Windows Drivers doesn't support SecureBoot.
Summary: VirtIO Windows Drivers doesn't support SecureBoot.
Status: NEW
Alias: None
Product: Virtualization
Classification: Unclassified
Component: kvm (show other bugs)
Hardware: x86-64 Linux
: P1 normal
Assignee: virtualization_kvm
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-12 07:50 UTC by okudayukiko0
Modified: 2020-06-28 11:04 UTC (History)
3 users (show)

See Also:
Kernel Version: 4.4.0
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description okudayukiko0 2016-12-12 07:50:17 UTC 
VirtIO Windows Drivers doesn't support SecureBoot(SecureBoot via OVMF).Windows will prompt "Invalid Digital Signature" when install VirtIO Drivers(Such as NetKVM,VirtIO SCSI drivers) in Windows.
Comment 1 heri16 2020-06-25 11:38:31 UTC 
Any updates on this? I am also seeing the error during boot if SecureBoot via OVMF is enabled.

According to MS new driver signing policy, Windows 10 1607 and newer versions require the drivers to be signed via their Dev Portal. Cross-signed drivers, will not load when Secure Boot is enabled in the BIOS. Fedora's virtio drivers are cross-signed and therefore were not being loaded.

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later-
Comment 2 vkuznets 2020-06-26 14:15:26 UTC 
The drivers need to be WHQL or attestation signed to work with UEFI/Secure Boot. If you're using upstream drivers available through e.g. fedoraproject.org it definitely will not work. Please see https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/index.html
Comment 3 Vadim Rozenfeld 2020-06-28 11:04:21 UTC 
Please see the following RH bug for your reference 
https://bugzilla.redhat.com/show_bug.cgi?id=1844726
Note You need to log in before you can comment on or make changes to this bug.