Can't install 6.1.30 due to driver certificate issue

Discussions related to using VirtualBox on Windows hosts.
Post Reply
sgadsby
Posts: 10
Joined: 28. Nov 2019, 09:55

Can't install 6.1.30 due to driver certificate issue

Post by sgadsby »

Hi,

The installer for 6.1.30 is failing for me when attempting to install the VBoxUSB driver. setupapi.dev.log contains the following:

Code: Select all

     sto:      {DRIVERSTORE IMPORT VALIDATE} 10:11:00.799
     sig:           Driver package catalog is valid.
     sig:           {_VERIFY_FILE_SIGNATURE} 10:11:00.830
     sig:                Key      = VBoxUSB.inf
     sig:                FilePath = C:\WINDOWS\System32\DriverStore\Temp\{c5b0212e-a86e-3a4e-b8da-26e8ae4340e8}\VBoxUSB.inf
     sig:                Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{c5b0212e-a86e-3a4e-b8da-26e8ae4340e8}\VBoxUSB.cat
!    sig:                Verifying file against specific (valid) catalog failed.
!    sig:                [color=#FF0000]Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.[/color]
     sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 10:11:00.848
     sig:           {_VERIFY_FILE_SIGNATURE} 10:11:00.848
     sig:                Key      = VBoxUSB.inf
     sig:                FilePath = C:\WINDOWS\System32\DriverStore\Temp\{c5b0212e-a86e-3a4e-b8da-26e8ae4340e8}\VBoxUSB.inf
     sig:                Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{c5b0212e-a86e-3a4e-b8da-26e8ae4340e8}\VBoxUSB.cat
!    sig:                Verifying file against specific Authenticode(tm) catalog failed.
!    sig:                Error 0x800b0110: The certificate is not valid for the requested usage.
     sig:           {_VERIFY_FILE_SIGNATURE exit(0x800b0110)} 10:11:00.865
!!!  sig:           An unexpected error occurred while validating driver package. Catalog = VBoxUSB.cat, Error = 0x800B0110
!!!  sig:           Driver package is considered unsigned, and Code Integrity is enforced.
!!!  sig:           Driver package failed signature validation. Error = 0x800B0110
     sto:      {DRIVERSTORE IMPORT VALIDATE: exit(0x800b0110)} 10:11:00.865
When I look at VBoxUSB.cat I see it has a sha1 as well as a sha256 cert (is this valid?) and the sha256 cert shows this:
No signature was present in the subject
Google suggests the following:
Microsoft explains that the issue occurs due to an “improperly formatted catalog identified during validation by Windows. Starting with this release, Windows will require the validity of DER format encoded Public-Key Cryptography Standards (PKCS) #7 content in catalog files. Catalog files must be signed per section 11.6 of describing DER-encoding for SET OF members in X.690”
Is it possible the signatures on this .cat are not quite right?

Anyone else seeing this? It could be my system - Windows 11 Insider Preview Dev build.

Cheers,
Simon.
sgadsby
Posts: 10
Joined: 28. Nov 2019, 09:55

Re: Can't install 6.1.30 due to driver certificate issue

Post by sgadsby »

FYI I reverted from W11 Dev to W11 Beta and it installed successfully.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Can't install 6.1.30 due to driver certificate issue

Post by scottgus1 »

This info would probably be good a a post on the Bugtracker. The devs might have missed something.

Please post the ticket link here when you make the ticket.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Can't install 6.1.30 due to driver certificate issue

Post by scottgus1 »

Thanks very much!
Ang_elo
Posts: 9
Joined: 22. Oct 2021, 09:11

Re: Can't install 6.1.30 due to driver certificate issue

Post by Ang_elo »

sgadsby wrote:FYI I reverted from W11 Dev to W11 Beta and it installed successfully.
I had the same issue, I'm on Dev Channel, and I disabled the "driver signature enforcement"
After that everything is working as expected.

Angelo
sgadsby
Posts: 10
Joined: 28. Nov 2019, 09:55

Re: Can't install 6.1.30 due to driver certificate issue

Post by sgadsby »

Ang_elo wrote:I had the same issue, I'm on Dev Channel, and I disabled the "driver signature enforcement"
After that everything is working as expected.
Thanks. I guess the question is whether this indicates a problem with the way the driver is signed or whether it is expected in this scenario.
Post Reply