Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add-WindowsDriver pvpanic-pci fails with: the request is not supported #1107

Closed
rgl opened this issue Jun 13, 2024 · 8 comments
Closed

Add-WindowsDriver pvpanic-pci fails with: the request is not supported #1107

rgl opened this issue Jun 13, 2024 · 8 comments
Assignees
Labels
Bug Bug

Comments

@rgl
Copy link

rgl commented Jun 13, 2024

Describe the bug

In a Windows 2022 machine, while building a Windows PE image mounted at $env:WINDOWS_PE_MOUNT_PATH, calling Add-WindowsDriver pvpanic-pci fails with the request is not supported error.

This also happens for the smbus.inf driver.

To Reproduce

Follow the procedure to mount the Windows PE (e.g. like done at https://github.com/rgl/windows-pe-vagrant/blob/master/provision-winpe.ps1), then try the following to include the pvpanic-pci driver into the mounted Windows PE image:

cd virtio-win-0.1.248\pvpanic\2k22\amd64
$driverPath = 'pvpanic-pci.inf'
Add-WindowsDriver -Path $env:WINDOWS_PE_MOUNT_PATH -Driver $driverPath`

Expected behavior

Expected the driver to be successfully added to the Windows PE image.

Host:

  • Disto: Windows 2022
  • Kernel version: n/a
  • QEMU version: 6.2.0 (Debian 1:6.2+dfsg-2ubuntu6.21) (from Ubuntu 22.04)
  • QEMU command line: n/a
  • libvirt version: n/a
  • libvirt XML file: n/a

VM:

  • Windows version: Windows 2022 Server.
  • Which driver has a problem: pvpanic-pci
  • Driver version or commit hash that was used to build the driver: n/a
@rgl rgl added the Bug Bug label Jun 13, 2024
@YanVugenfirer
Copy link
Collaborator

Please supply QEMU command line.

Also keep in mind that officially we are not supporting Windows PE. So it might take time for us to take a look at the issue.
Looks like Windows PE failing ACPI based devices.

@rgl
Copy link
Author

rgl commented Jun 16, 2024

Why is the qemu cmdline relevant? I mean, Add-Windows Driver is supposed to just add the driver to the windows driver store? Does it actually load the driver?

@YanVugenfirer
Copy link
Collaborator

So is this SW first scenario (adding driver without having HW device)?

@rgl
Copy link
Author

rgl commented Jun 16, 2024

Yes, the VM (which calls Add-WindowsDriver) that is creating the windows pe iso does not have all the virtio HW devices added to qemu.

The idea is to add all of the virtio drivers to the windows pe iso (and not to the VM that is creating the iso), that way, when windows pe runs, it has all the possible virtio drivers baked in.

@annie-li
Copy link
Contributor

I can reproduce this issue locally. It turns out the failure is due to the pvpanic-pci binary isn't signed/certified by Microsoft. I suppose WHQL test hasn't been run with pvpanic-pci driver, so the driver isn't signed together with pvpanic driver. This existing pvpanic-pci binary is signed with Redhat signature, this 3rd party signature doesn't satisfy "Add-WindowsDriver".
In this case, I would suggest to run WHQL test with pvpanic-pci driver and get it signed/certified by MS, or sign this pvpanic-pci driver by Windows Attestation Signing.

@vrozenfe
Copy link
Collaborator

The pvpanic-pci driver in virtio-win-0.1.248 is not attestation signed. Unfortunately, the upcoming public release virtio-win-0.1.262 (which should be available in a week) will also have the same problem. We will fix this issue in the next public release coming after that.

Vadim.

@YanVugenfirer
Copy link
Collaborator

@vrozenfe Can we close this issue?

@vrozenfe
Copy link
Collaborator

vrozenfe commented Dec 4, 2024

@YanVugenfirer
sure.
vrozenfe@milly:/run/media/vrozenfe/virtio-win-0.1.266/pvpanic$ tree -f * | grep -i pvpanic-pci
├── 2k16/amd64/pvpanic-pci.cat
├── 2k16/amd64/pvpanic-pci.inf
├── 2k19/amd64/pvpanic-pci.cat
├── 2k19/amd64/pvpanic-pci.inf
├── 2k22/amd64/pvpanic-pci.cat
├── 2k22/amd64/pvpanic-pci.inf
│   ├── 2k25/amd64/pvpanic-pci.cat
│   ├── 2k25/amd64/pvpanic-pci.inf
├── 2k25/ARM64/pvpanic-pci.cat
├── 2k25/ARM64/pvpanic-pci.inf
│   ├── w10/amd64/pvpanic-pci.cat
│   ├── w10/amd64/pvpanic-pci.inf
│   ├── w10/ARM64/pvpanic-pci.cat
│   ├── w10/ARM64/pvpanic-pci.inf
├── w10/x86/pvpanic-pci.cat
├── w10/x86/pvpanic-pci.inf
│   ├── w11/amd64/pvpanic-pci.cat
│   ├── w11/amd64/pvpanic-pci.inf
├── w11/ARM64/pvpanic-pci.cat
├── w11/ARM64/pvpanic-pci.inf

All of them should be attestation signed.

Best,
Vadim.

@vrozenfe vrozenfe closed this as completed Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Bug
Projects
None yet
Development

No branches or pull requests

4 participants