nvd3dumx.dll certificate not valid
Re: nvd3dumx.dll certificate not valid
Yep, still got a bad cert after installing 451.85
00:00:03.580501 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: rc=VERR_CR_X509_CPV_NOT_VALID_AT_TIME fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll: Certificate is not valid (ValidTime=2020-07-24T02:26:23.000000000Z Validity=[2018-07-18T17:42:53.000000000Z...2019-07-18T17:42:53.000000000Z]): \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll
00:00:03.580501 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: rc=VERR_CR_X509_CPV_NOT_VALID_AT_TIME fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll: Certificate is not valid (ValidTime=2020-07-24T02:26:23.000000000Z Validity=[2018-07-18T17:42:53.000000000Z...2019-07-18T17:42:53.000000000Z]): \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll
-
- Posts: 312
- Joined: 21. Apr 2010, 10:39
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: Windows XP, 8, 10, Android x86
Re: nvd3dumx.dll certificate not valid
fth0 wrote:Where exactly is this stated?jacobd wrote:NVIDIA are advising that their digital signing is not incorrect
NVIDIA still used the expired certificate when signing the 451.85 NVIDIA drivers.jacobd wrote:New NVIDIA hotfix driver just released
Note that I don't take sides regarding this topic. NVIDIA and Oracle both do things that are debatable, and both could do better IMHO. I'm just trying to stick to the facts.
At the present time, there is no way to obtain digital authority certificates from microsoft to countersign a new signature, thats why they are using the nvidia pe corp signature that they are (as the countersignature has a longer timestamp validity).
This is apparently going to remain as such until microsoft employee's begin working in office again.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: nvd3dumx.dll certificate not valid
Thanks for the explanation (what's the information source?), but it only partially makes sense to me:squall leonhart wrote:At the present time, there is no way to obtain digital authority certificates from microsoft to countersign a new signature, thats why they are using the nvidia pe corp signature that they are (as the countersignature has a longer timestamp validity).
Up to now, I only checked the leaf certificates (CN = NVIDIA Corporation-PE-Prod-Sha1) that both aren't valid any more. I didn't bother to look at the intermediate certificates (CN = NVIDIA Subordinate CA 2018-Prod-Sha1 and CN = NVIDIA Subordinate CA 2019-Prod-Sha1), from which the older one is still valid (up to 2023). Why would NVIDIA need a new intermediate certificate from the root CA (CN = Microsoft Digital Media Authority 2005) then? Why can't they just issue a new leaf certificate themselves?
Regarding code signing, I still think that signatures may only be created during the validity period of the leaf certificate. Only the signature verification can be carried out anytime afterwards. What makes you think otherwise?
Re: nvd3dumx.dll certificate not valid
New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
-
- Posts: 5
- Joined: 15. Feb 2018, 08:20
Re: nvd3dumx.dll certificate not valid
Sadly, the issue persists.jacobd wrote:New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
Seems that Nvidia are still using a faulty cert.
supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll' (C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll): rcNt=0xc0000190
Re: nvd3dumx.dll certificate not valid
Sad news - thanks for checking though. It might be worth anyone affected by this issue to submit or re-submit a feedback form to Nvidia: https://forms.gle/kJ9Bqcaicvjb82SdAC_User_007 wrote:Sadly, the issue persists.jacobd wrote:New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
Seems that Nvidia are still using a faulty cert.
supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll' (C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll): rcNt=0xc0000190
Maybe if they get a few reports early in the release cycle it will trigger some action.
It seems the Virtualbox bug ticket here https://www.virtualbox.org/ticket/19743 hasn't been looked at as yet.
-
- Posts: 312
- Joined: 21. Apr 2010, 10:39
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: Windows XP, 8, 10, Android x86
Re: nvd3dumx.dll certificate not valid
The cert is not faulty, Oracles backwards --- signature validation is.
Even the last Fermi drivers are now broken because Oracle is not validating all signatures present.
Even the last Fermi drivers are now broken because Oracle is not validating all signatures present.
Last edited by scottgus1 on 27. Aug 2020, 19:22, edited 1 time in total.
Reason: removed expletive
Reason: removed expletive
Re: nvd3dumx.dll certificate not valid
New Nvidia hotfix driver out: https://nvidia.custhelp.com/app/answers ... 0014925836
And of course VirtualBox 6.1.14 has just been released.
From scanning the release notes for both I can't see any indication this issue might be resolved, but in case someone wants to test.
And of course VirtualBox 6.1.14 has just been released.
From scanning the release notes for both I can't see any indication this issue might be resolved, but in case someone wants to test.
Re: nvd3dumx.dll certificate not valid
New nvidia drivers just released - 456.38: https://www.nvidia.com/en-us/drivers/results/163531/
Re: nvd3dumx.dll certificate not valid
Tried the VirtualBox 6.1.14 version with 456.38 nvidia drivers, and the certificate is still invalid, thus 3D acceleration is not working.
Re: nvd3dumx.dll certificate not valid
Sad times, but thanks for checking! I guess all we can do is continue to log the issue with Nvidia as well. You can find their driver feedback form here: https://forms.gle/kJ9Bqcaicvjb82SdAwikiti wrote:Tried the VirtualBox 6.1.14 version with 456.38 nvidia drivers, and the certificate is still invalid, thus 3D acceleration is not working.
Would encourage anyone experiencing the issue to fill this out, even if you've done it in the past.
Re: nvd3dumx.dll certificate not valid
New NVIDIA driver 456.55 released, can't see anything obvious in the release notes but in case someone would like to test.
As a side note, I assume this issue means that 3d acceleration will not work with the NVIDIA RTX 30 series of video cards just released, as that hardware requires recent versions of their drivers.
As a side note, I assume this issue means that 3d acceleration will not work with the NVIDIA RTX 30 series of video cards just released, as that hardware requires recent versions of their drivers.
Re: nvd3dumx.dll certificate not valid
Certificate is still invalid for 456.55.jacobd wrote:New NVIDIA driver 456.55 released, can't see anything obvious in the release notes but in case someone would like to test.
As a side note, I assume this issue means that 3d acceleration will not work with the NVIDIA RTX 30 series of video cards just released, as that hardware requires recent versions of their drivers.
Re: nvd3dumx.dll certificate not valid
NVIDIA hotfix driver 456.71 released:
https://nvidia.custhelp.com/app/answers ... /kw/456.71
It might be worth trying both the standard and DCH versions of the drivers if someone hasn't already. It could be just the same stuff in a different package, but maybe the signatures vary?
This has an explanation about the differences: https://nvidia.custhelp.com/app/answers ... /a_id/4777
https://nvidia.custhelp.com/app/answers ... /kw/456.71
It might be worth trying both the standard and DCH versions of the drivers if someone hasn't already. It could be just the same stuff in a different package, but maybe the signatures vary?
This has an explanation about the differences: https://nvidia.custhelp.com/app/answers ... /a_id/4777
-
- Posts: 5
- Joined: 4. Oct 2020, 10:53
Re: nvd3dumx.dll certificate not valid
NVidia can't fix anything. Because Microsoft doesn't deliver a new one.
The problem is NVidia's Intermediate Certification Certificate
When will this finally be fixed? The problem is clearly with oracles
At least Oracle should "know" why they value an intermediary certification certificate.
Why a hardware-related Windows software does not "trust" the WHQL certificate of a driver of the operating system has to be answered by oracles
I just know that this certificate is not "important" even in professional settings.
This is where the real problem lies, because Windows’s own "WinVerifyTrust API" simply cannot resolve this Microsoft root CA.
Ergo needs a valid certificate chain, so that at least the intermediary certification certificate "NVIDIA Subordinate CA" must be valid.
Since "2018" has already been replaced by "2019", which expired on June 30, 2020, Windows no longer "trusts" the old chain either.
Oracle has just made it a bit "too easy" for itself and uses the Windows functions without looking "closer".
nVidia has to use the old "2018" intermediate certification certificate because they simply don't have another one that is still valid.
The fault is neither with MS nor with Nvidia, Oraxle has to fix that on his side. Therefore, no other software has problems with it either. For some reason Virtual Box thinks that the 'status of the certificate is "unknown" (Unknown Status -23033), so neither invalid nor valid. You can also see it in the logs.
The problem is NVidia's Intermediate Certification Certificate
When will this finally be fixed? The problem is clearly with oracles
At least Oracle should "know" why they value an intermediary certification certificate.
Why a hardware-related Windows software does not "trust" the WHQL certificate of a driver of the operating system has to be answered by oracles
I just know that this certificate is not "important" even in professional settings.
This is where the real problem lies, because Windows’s own "WinVerifyTrust API" simply cannot resolve this Microsoft root CA.
Ergo needs a valid certificate chain, so that at least the intermediary certification certificate "NVIDIA Subordinate CA" must be valid.
Since "2018" has already been replaced by "2019", which expired on June 30, 2020, Windows no longer "trusts" the old chain either.
Oracle has just made it a bit "too easy" for itself and uses the Windows functions without looking "closer".
nVidia has to use the old "2018" intermediate certification certificate because they simply don't have another one that is still valid.
The fault is neither with MS nor with Nvidia, Oraxle has to fix that on his side. Therefore, no other software has problems with it either. For some reason Virtual Box thinks that the 'status of the certificate is "unknown" (Unknown Status -23033), so neither invalid nor valid. You can also see it in the logs.