[ModEdit; related ticket: #17524: Various VBox binaries use a SHA1-timestamped SHA2 signature]
This morning [2018-02-02] I found I could not start any VMs on a VirtualBox installation that has been working fine for months. Unfortunately I don't have a screencap of the error, but I believe it was related to VMM trust issues.
I tried to download and install 5.2.6 fresh (which uninstalled my existing copy, hence no screencap available), and installation fails. The log shows:
Code: Select all
DIFXAPP: ERROR: Signature verification failed while checking integrity of driver package 'VBoxDrv.inf' ('C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv\VBoxDrv.inf'). (Error code 0x800B0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.)
DIFXAPP: INFO: Successfully removed '{D3E2F2BB-569F-46A2-836C-BDF30FF1EDF8}' from reference list of driver store entry ''
DIFXAPP: INFO: RETURN: DriverPackageInstallW (0x800B0100)
DIFXAPP: ERROR: encountered while installing driver package 'C:\Program Files\Oracle\VirtualBox\drivers\vboxdrv\VBoxDrv.inf'
DIFXAPP: ERROR: InstallDriverPackages failed with error 0x800B0100
DIFXAPP: RETURN: InstallDriverPackages() 2148204800 (0x800B0100)
CustomAction MsiInstallDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 7:40:19: InstallFinalize. Return value 3.
Strangely, I notice the cert that signed the installer is for "Oracle Corporation" and has serial "5cf22fe92eaf604593c8d97addc473c1", and Windows seems fine with that one. I'm not sure why the SHA256 signature on the drivers is using a different certificate.
I don't receive the prompt to always trust software from Oracle that I sometimes saw on older installers.
Running Win 10, 1709, 16299.192. The installer I downloaded (VirtualBox-5.2.6-120293-Win.exe) has SHA265 da7bbcc9806a3f574f1faed5381c6e116b10a7bbb4779913d5446e49fe08fd7d.