nvd3dumx.dll certificate not valid

Discussions related to using VirtualBox on Windows hosts.
Elwexo
Posts: 28
Joined: 22. Jul 2020, 09:22

Re: nvd3dumx.dll certificate not valid

Post by Elwexo »

Yep, still got a bad cert after installing 451.85

00:00:03.580501 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: rc=VERR_CR_X509_CPV_NOT_VALID_AT_TIME fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll: Certificate is not valid (ValidTime=2020-07-24T02:26:23.000000000Z Validity=[2018-07-18T17:42:53.000000000Z...2019-07-18T17:42:53.000000000Z]): \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0ca4d193b971e28\nvldumdx.dll
squall leonhart
Posts: 312
Joined: 21. Apr 2010, 10:39
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Windows XP, 8, 10, Android x86

Re: nvd3dumx.dll certificate not valid

Post by squall leonhart »

fth0 wrote:
jacobd wrote:NVIDIA are advising that their digital signing is not incorrect
Where exactly is this stated?
jacobd wrote:New NVIDIA hotfix driver just released
NVIDIA still used the expired certificate when signing the 451.85 NVIDIA drivers.

Note that I don't take sides regarding this topic. NVIDIA and Oracle both do things that are debatable, and both could do better IMHO. I'm just trying to stick to the facts.

At the present time, there is no way to obtain digital authority certificates from microsoft to countersign a new signature, thats why they are using the nvidia pe corp signature that they are (as the countersignature has a longer timestamp validity).

This is apparently going to remain as such until microsoft employee's begin working in office again.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: nvd3dumx.dll certificate not valid

Post by fth0 »

squall leonhart wrote:At the present time, there is no way to obtain digital authority certificates from microsoft to countersign a new signature, thats why they are using the nvidia pe corp signature that they are (as the countersignature has a longer timestamp validity).
Thanks for the explanation (what's the information source?), but it only partially makes sense to me:

Up to now, I only checked the leaf certificates (CN = NVIDIA Corporation-PE-Prod-Sha1) that both aren't valid any more. I didn't bother to look at the intermediate certificates (CN = NVIDIA Subordinate CA 2018-Prod-Sha1 and CN = NVIDIA Subordinate CA 2019-Prod-Sha1), from which the older one is still valid (up to 2023). Why would NVIDIA need a new intermediate certificate from the root CA (CN = Microsoft Digital Media Authority 2005) then? Why can't they just issue a new leaf certificate themselves?

Regarding code signing, I still think that signatures may only be created during the validity period of the leaf certificate. Only the signature verification can be carried out anytime afterwards. What makes you think otherwise?
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
C_User_007
Posts: 5
Joined: 15. Feb 2018, 08:20

Re: nvd3dumx.dll certificate not valid

Post by C_User_007 »

jacobd wrote:New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
Sadly, the issue persists.
Seems that Nvidia are still using a faulty cert.
supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll' (C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll): rcNt=0xc0000190
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

C_User_007 wrote:
jacobd wrote:New NVIDIA drivers: 452.06 released if anyone wants to take a look and see if issue persists.
Sadly, the issue persists.
Seems that Nvidia are still using a faulty cert.
supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll' (C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvldumdx.dll): rcNt=0xc0000190
Sad news - thanks for checking though. It might be worth anyone affected by this issue to submit or re-submit a feedback form to Nvidia: https://forms.gle/kJ9Bqcaicvjb82SdA
Maybe if they get a few reports early in the release cycle it will trigger some action.

It seems the Virtualbox bug ticket here https://www.virtualbox.org/ticket/19743 hasn't been looked at as yet.
squall leonhart
Posts: 312
Joined: 21. Apr 2010, 10:39
Primary OS: MS Windows 7
VBox Version: PUEL
Guest OSses: Windows XP, 8, 10, Android x86

Re: nvd3dumx.dll certificate not valid

Post by squall leonhart »

The cert is not faulty, Oracles backwards --- signature validation is.

Even the last Fermi drivers are now broken because Oracle is not validating all signatures present.
Last edited by scottgus1 on 27. Aug 2020, 19:22, edited 1 time in total.
Reason: removed expletive
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

New Nvidia hotfix driver out: https://nvidia.custhelp.com/app/answers ... 0014925836
And of course VirtualBox 6.1.14 has just been released.
From scanning the release notes for both I can't see any indication this issue might be resolved, but in case someone wants to test.
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

New nvidia drivers just released - 456.38: https://www.nvidia.com/en-us/drivers/results/163531/
wikiti
Posts: 2
Joined: 18. Sep 2020, 11:30

Re: nvd3dumx.dll certificate not valid

Post by wikiti »

Tried the VirtualBox 6.1.14 version with 456.38 nvidia drivers, and the certificate is still invalid, thus 3D acceleration is not working.
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

wikiti wrote:Tried the VirtualBox 6.1.14 version with 456.38 nvidia drivers, and the certificate is still invalid, thus 3D acceleration is not working.
Sad times, but thanks for checking! I guess all we can do is continue to log the issue with Nvidia as well. You can find their driver feedback form here: https://forms.gle/kJ9Bqcaicvjb82SdA
Would encourage anyone experiencing the issue to fill this out, even if you've done it in the past.
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

New NVIDIA driver 456.55 released, can't see anything obvious in the release notes but in case someone would like to test.

As a side note, I assume this issue means that 3d acceleration will not work with the NVIDIA RTX 30 series of video cards just released, as that hardware requires recent versions of their drivers.
wikiti
Posts: 2
Joined: 18. Sep 2020, 11:30

Re: nvd3dumx.dll certificate not valid

Post by wikiti »

jacobd wrote:New NVIDIA driver 456.55 released, can't see anything obvious in the release notes but in case someone would like to test.

As a side note, I assume this issue means that 3d acceleration will not work with the NVIDIA RTX 30 series of video cards just released, as that hardware requires recent versions of their drivers.
Certificate is still invalid for 456.55.
jacobd
Posts: 15
Joined: 24. Feb 2020, 10:46

Re: nvd3dumx.dll certificate not valid

Post by jacobd »

NVIDIA hotfix driver 456.71 released:

https://nvidia.custhelp.com/app/answers ... /kw/456.71

It might be worth trying both the standard and DCH versions of the drivers if someone hasn't already. It could be just the same stuff in a different package, but maybe the signatures vary?
This has an explanation about the differences: https://nvidia.custhelp.com/app/answers ... /a_id/4777
Lord Wotan
Posts: 5
Joined: 4. Oct 2020, 10:53

Re: nvd3dumx.dll certificate not valid

Post by Lord Wotan »

NVidia can't fix anything. Because Microsoft doesn't deliver a new one.
The problem is NVidia's Intermediate Certification Certificate

When will this finally be fixed? The problem is clearly with oracles

At least Oracle should "know" why they value an intermediary certification certificate.
Why a hardware-related Windows software does not "trust" the WHQL certificate of a driver of the operating system has to be answered by oracles
I just know that this certificate is not "important" even in professional settings.


This is where the real problem lies, because Windows’s own "WinVerifyTrust API" simply cannot resolve this Microsoft root CA.
Ergo needs a valid certificate chain, so that at least the intermediary certification certificate "NVIDIA Subordinate CA" must be valid.
Since "2018" has already been replaced by "2019", which expired on June 30, 2020, Windows no longer "trusts" the old chain either.

Oracle has just made it a bit "too easy" for itself and uses the Windows functions without looking "closer".


nVidia has to use the old "2018" intermediate certification certificate because they simply don't have another one that is still valid.


The fault is neither with MS nor with Nvidia, Oraxle has to fix that on his side. Therefore, no other software has problems with it either. For some reason Virtual Box thinks that the 'status of the certificate is "unknown" (Unknown Status -23033), so neither invalid nor valid. You can also see it in the logs.
Post Reply