VBox 7.0.12 GA cannot verify digital signature Windows 7
-
- Posts: 27
- Joined: 9. Mar 2018, 08:17
Virtualbox 7.0.12 Guest additions VERY broken in several ways
So I'm having this massive issue. I'm on version Version 7.0.12 r159484 (Qt5.15.2). And for some odd reason it kept getting caught into an boot loop startup repair for windows 8/8.1 that it reported it couldn't fix after I installed the guest additions. And I'm not taking about an soft boot loop that I can go into safe mode and uninstall it. No... not even safe mode worked I had to go to the command prompt in the recovery screen, run the del command to the sys file (See screenshot) to get it booted again. I tried the refresh this PC as well... and that didn't work. The only way that it worked again was hitting the reset this PC or deleting that file. I did the 7.0.6 guest additions instead. And it booted perfectly fine. But it doesn't seem to like version 7.0.12. I managed to use the command prompt in the advanced options to pull up the log file and this is what I found.
Windows 11 and 10 boot fine with the .12
Windows 8/8.1 won't boot with the guest editions installed with .12
windows 7 64bit (And possibily 64bit vista) says broken signature and wont install it at all. xp 64 bit boots to black screen, and 32bit xp unaffected.
Windows 7 and vista (both 64 bit) reports the disk as it can't verify the digital signature for VBoxWindowsAdditions.exe, and trying the amd64 says it installs but doesn't upgrade the guest additions from 7.0.10 (At least on windows 7 in this case, vista untested). Windows xp 64 bit reboots into black screen when reaching desktop. windows xp 32bit boots fine with the updated guest editions. So there is something going on with the guest editions.Windows 11 and 10 boot fine with the .12
Windows 8/8.1 won't boot with the guest editions installed with .12
windows 7 64bit (And possibily 64bit vista) says broken signature and wont install it at all. xp 64 bit boots to black screen, and 32bit xp unaffected.
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Virtualbox 7.0.12 Guest additions VERY broken in several ways
This is a known issue with the VirtualBox Guest Addtitions 7.0.12 (see #21875). For the time being, I'd suggest to use the VirtualBox Guest Additions 7.0.10 (see Re: Discuss the VirtualBox 7.0.12 release here and the whole thread around it for details).
Re: Virtualbox 7.0.12 Guest additions VERY broken in several ways
Hello,
it is also for Virtualbox 6.1.48. I install the guest addition on Windows7 32 Bit. And the VM is destroyed. If it is a known issue, why is there nothing to read on the download page?
Thank you Oracle
it is also for Virtualbox 6.1.48. I install the guest addition on Windows7 32 Bit. And the VM is destroyed. If it is a known issue, why is there nothing to read on the download page?
Thank you Oracle
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: Discuss the VirtualBox 7.0.12 release here
? We don't conduct release discussions on the Downloads page. That's on an entirely different site.
Re: Discuss the VirtualBox 7.0.12 release here
I have Windows 7 installed as a guest on Linux Mint. When I installed the update of Virtualbox to 7.0.12 (along with Extension_Pack-7.0.12), I started the virtual Win7. The VBoxGuestAdditions_7.0.12 was then installed there (with an error message).
After the restart I got a black screen with the error message "Windows cannot verify the digital signature for this file...". I then started Win7 in safe mode and when I rebooted, the usual Win7 interface appeared.
However, the following oddities occur: Some programmes take much longer to start and all shared drives are no longer there. When I shut down, I get the following picture:
After the restart I got a black screen with the error message "Windows cannot verify the digital signature for this file...". I then started Win7 in safe mode and when I rebooted, the usual Win7 interface appeared.
However, the following oddities occur: Some programmes take much longer to start and all shared drives are no longer there. When I shut down, I get the following picture:
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Discuss the VirtualBox 7.0.12 release here
@ Volker S, please look above in this topic. It's a known problem, and workarounds are presented.
Re: Discuss the VirtualBox 7.0.12 release here
I prefer to wait for a new version, since my virtual Windows starts (use working startup files for the last one). Only one programm starts slower and I don't see the error (see image above this thread) when shutting down when I exit the machine with "Save state".
I think restoring the last working startup files of Windows saved me (so that the faulty vboxguest.sys was replaced by the old driver). That's enough for me for now.
I think restoring the last working startup files of Windows saved me (so that the faulty vboxguest.sys was replaced by the old driver). That's enough for me for now.
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Discuss the VirtualBox 7.0.12 release here
Saved state isn't actually shutting down. It's like Windows Hibernation. And it can fail, especially if the Virtualbox version changes.
You can always restore your VM from your backups you took before you made the version change.
-
- Posts: 22
- Joined: 31. Jan 2010, 14:58
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: XP, Win7,SUSE,MS-DOS
- Location: wild south of germany
Re: Discuss the VirtualBox 7.0.12 release here
Wouldn't a chan require an MS update of the guest system ?fth0 wrote: ↑29. Oct 2023, 12:37Such a limitation already exists since a few years, and the VirtualBox developers found a workaround back then (note the "VirtualBox for legacy Windows Only Timestamp Kludge 2014" certificate that didn't exist in 2014 ).BrianG61UK wrote: ↑29. Oct 2023, 00:37 I could be wrong, but as I now understand it, this is needed because Microsoft will no longer sign drivers in a way that is compatible with Windows 7/8/8.1.
If you're talking about a change new in 2023, please provide an information source.
Last updates of my Win 7:
[*]MRT: end of August
[*].NET + MRT: end of June
but VB 6.1.46 was released on 18. July and installed normal.
https://learn.microsoft.com/en-us/windo ... and-later-
last update 06/08/2022 (but states a special signing method for protected audio/video drivers, maybe this "cross-signing" depends on an expired MS certificate ?)
-
- Posts: 22
- Joined: 31. Jan 2010, 14:58
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: XP, Win7,SUSE,MS-DOS
- Location: wild south of germany
Re: Virtualbox 7.0.12 Guest additions VERY broken in several ways
I always do snapshot before upgrading guest additions - that's the real advantage of a virtual system
-
- Posts: 339
- Joined: 9. Jul 2007, 20:02
- Primary OS: MS Windows other
- VBox Version: OSE other
- Guest OSses: Windows and macOSes
- Location: An Ant Farm
- Contact:
Re: Virtualbox 7.0.12 Guest additions VERY broken in several ways
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Discuss the VirtualBox 7.0.12 release here
@Boxy:
The VirtualBox developers and I think that we know what the problem is:
The VirtualBox development used a new server to build VirtualBox 6.1.48 + 7.0.12, and for some (yet unclear) reason the new server didn't integrate the cross-signing certificate of the SHA-1 certificate chain (from Microsoft for VeriSign) into the VirtualBox binaries. (This cross-signing certificate already expired in 2021, but that wasn't a problem on the old build server so far.) Since the SHA-1 certificate chain can only be used on Windows 8.1 and older, the problem only surfaces in those guest OSes for the VirtualBox users.
The difficulty of finding the cause of (and a solution to) the problem is that Microsofts handling of those cross-signing certificates isn't well documented, that they're implicitly integrated when signing binaries, and that they're not kept in the "normal" Windows certificate stores, so you cannot simply circumvent the problem like in the case of missing "normal" certificates.
The VirtualBox developers and I think that we know what the problem is:
The VirtualBox development used a new server to build VirtualBox 6.1.48 + 7.0.12, and for some (yet unclear) reason the new server didn't integrate the cross-signing certificate of the SHA-1 certificate chain (from Microsoft for VeriSign) into the VirtualBox binaries. (This cross-signing certificate already expired in 2021, but that wasn't a problem on the old build server so far.) Since the SHA-1 certificate chain can only be used on Windows 8.1 and older, the problem only surfaces in those guest OSes for the VirtualBox users.
The difficulty of finding the cause of (and a solution to) the problem is that Microsofts handling of those cross-signing certificates isn't well documented, that they're implicitly integrated when signing binaries, and that they're not kept in the "normal" Windows certificate stores, so you cannot simply circumvent the problem like in the case of missing "normal" certificates.
-
- Posts: 22
- Joined: 31. Jan 2010, 14:58
- Primary OS: MS Windows 7
- VBox Version: PUEL
- Guest OSses: XP, Win7,SUSE,MS-DOS
- Location: wild south of germany
Re: Discuss the VirtualBox 7.0.12 release here
I'm not that deep into Windows business but there was an update at least to Windows 7
https://support.microsoft.com/en-us/top ... a4cde8e64f
"August 13, 2019 ...The support released in March (KB4474419 and KB4490628) will be required in order to continue to receive updates on these versions of Windows..."
"January 28,2020 Signatures on the Certificate Trust Lists (CTLs) for the Microsoft Trusted Root Program changed from dual-signed (SHA-1/SHA-2) to SHA-2 only. No customer action required."
I found a blog at G. Born (sorry, german language): https://www.borncity.com/blog/2019/06/1 ... e-problem/
about "Windows Update" SHA-2 Code Signing Support problems as KB4472027 didn't install in Wind 7-32.
I don't know if the SHA-1 removal concerns driver signatures too - but if so, cross-signing with a MS SHA-2 certificate may be a choice (unfortunately only for Win 7 SP1 guests that installed the fixes mentioned on the MS support site above. But as I said, I'm not a specialist regarding Windows.
-
- Volunteer
- Posts: 5678
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: Discuss the VirtualBox 7.0.12 release here
@Boxy:
Thanks for trying to help!
The information you provided is already known, and SHA-2 signatures (including a cross-signing certificate) are already in use for years. But perhaps its time to eliminate the SHA-1 signatures and force the VirtualBox users to install the Microsoft updates ...
Thanks for trying to help!
The information you provided is already known, and SHA-2 signatures (including a cross-signing certificate) are already in use for years. But perhaps its time to eliminate the SHA-1 signatures and force the VirtualBox users to install the Microsoft updates ...
Re: Discuss the VirtualBox 7.0.12 release here
I'm not sure if it's relevant, but Nvidia drivers have the exact same issue.
Installing 474.30 (those that don't have "WHQL") or later on Windows 8.1 will result in the following in device manager:
or Code 52 - CM_PROB_UNSIGNED_DRIVER
There is a thread on NVidia forums about this, search Google for: "47430-driver-is-broken-missing-digital-signature" (I can't post links). (mod edit: maybe https://www.nvidia.com/en-us/geforce/fo ... signature/)
I don't think it's a coincidence that 474.11 (WHQL) work and 474.30 (non-WHQL) stopped working with the exact same issue as VirtualBox GA. There should be a common cause inside Windows.
Installing 474.30 (those that don't have "WHQL") or later on Windows 8.1 will result in the following in device manager:
Code: Select all
Windows cannot verify the digital signature for the drivers required for this device. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. (Code 52
There is a thread on NVidia forums about this, search Google for: "47430-driver-is-broken-missing-digital-signature" (I can't post links). (mod edit: maybe https://www.nvidia.com/en-us/geforce/fo ... signature/)
I don't think it's a coincidence that 474.11 (WHQL) work and 474.30 (non-WHQL) stopped working with the exact same issue as VirtualBox GA. There should be a common cause inside Windows.