VBox 7.0.12 GA cannot verify digital signature Windows 7

[Boxy]

But perhaps its time to eliminate the SHA-1 signatures and force the VirtualBox users to install the Microsoft updates ...

...(mod edit: maybe https://www.nvidia.com/en-us/geforce/fo ... signature/)...

NVIDA thread link leads to https://nvidia.custhelp.com/app/answers ... a_id/5445/
Starting January 16th 2023, Microsoft is no longer accepting driver submissions for WHQL certification on Windows 7. Please follow below guidelines to install your driver correctly on your system.
and results in "Bcdedit.exe -set TESTSIGNING ON’"

As another solution, User Sora states in the NVIDIA thread:
"Users can self sign both the catalog and service binary and inject that signature into the trusted root certificate location.",
but in my opinion it's too complex for John Doe (I had to change selfsigned server certificates to Internal CA root the last weeks, no fun ).

Unsure if installing critical drivers (audio & video: I assume to block obscure riping drivers for movie copy protection) selfsigned without cross signing by MS really works... but if so, it would be more convenient Virtualbox delivering Win7 guest addons in two packages:

• one for SHA-1 (without the SHA-2 fix),
• the other for SHA-2,

both with catalog and service binary signed by Virtualbox certificates that have to be installed as trusted root in each VM.
(maybe checking SHA-2 availability while installing ?)

Just a thought...

[Boxy]

I don't think it's a coincidence that 474.11 (WHQL) work and 474.30 (non-WHQL) stopped working with the exact same issue as VirtualBox GA. There should be a common cause inside Windows.

As far as I understand, MS requires "critical drivers" cross-signed by a MS certificate (see link to MS support above) .
I assume because of inhibiting installing drivers that compromise copy protection (they talk about audio and video).

Maybe this MS cross-sign certificate expired or has been revoked some time ago, so drivers signed with this certificate cannot be installed - and as NVIDIA states, MS doesn't accept new driver submissions (nor delivers a new cross-sign certificate for Win7,I'm sure).
Maybe the MS cross-sign certificate was removed or expired by one of the MRT updates that are still delivered to Windows 7 ?
Who knows...

[BrianG61UK]

Unsure if installing critical drivers (audio & video: I assume to block obscure riping drivers for movie copy protection) selfsigned without cross signing by MS really works... but if so, it would be more convenient Virtualbox delivering Win7 guest addons in two packages:

• one for SHA-1 (without the SHA-2 fix),
• the other for SHA-2,

Surely there should be no problem with signing a single driver both ways?

[fth0]

Surely there should be no problem with signing a single driver both ways?

Regarding code signing, we cannot be completely sure: For one, VirtualBox uses three signatures where most verification tools only expect two. Additionally, if the verification of the first signature fails for some unknown reason A or B, how do you know that in both cases the second signature gets checked at all?

[GS]

Is there perhaps a syntax error in this Admin/CMD prompt command? All I get when running is an error:
"'C:\windows\system32' is not recognized as an internal or external command, operable program or batch file"

I tried a number of solutions, including registry editing, nothing worked.

But what worked for me is, start an Administrative CMD and run "C:\WINDOWS\system32>bcdedit /set testsigning on"

Rebooted and successfully installed VirtualBox Guest Additions 7.0.12.

[klaus]

Yes, Simple07 did a bit too much copy/paste and included the cmd.exe prompt. I edited his post and the quoted one below.

Is there perhaps a syntax error in this Admin/CMD prompt command? All I get when running is an error:
"'C:\windows\system32' is not recognized as an internal or external command, operable program or batch file"

I tried a number of solutions, including registry editing, nothing worked.

But what worked for me is, start an Administrative CMD and run "bcdedit /set testsigning on"

Rebooted and successfully installed VirtualBox Guest Additions 7.0.12.

[ant]

Yes, Simple07 did a bit too much copy/paste and included the cmd.exe prompt. I edited his post and the quoted one below.

Is there perhaps a syntax error in this Admin/CMD prompt command? All I get when running is an error:
"'C:\windows\system32' is not recognized as an internal or external command, operable program or batch file"

I tried a number of solutions, including registry editing, nothing worked.

But what worked for me is, start an Administrative CMD and run "bcdedit /set testsigning on"

Rebooted and successfully installed VirtualBox Guest Additions 7.0.12.

Do I assume this is the only workaround to use before VB developers can fix it (if they even can)?

[ant]

Yes, Simple07 did a bit too much copy/paste and included the cmd.exe prompt. I edited his post and the quoted one below.

Is there perhaps a syntax error in this Admin/CMD prompt command? All I get when running is an error:
"'C:\windows\system32' is not recognized as an internal or external command, operable program or batch file"

I tried a number of solutions, including registry editing, nothing worked.

But what worked for me is, start an Administrative CMD and run "bcdedit /set testsigning on"

Rebooted and successfully installed VirtualBox Guest Additions 7.0.12.

Do we need to bcdedit /set testsigning off after the installation?

[fth0]

Some of the VirtualBox code signing issues in VirtualBox 7.0.12 have been fixed:

Please try the VirtualBox Guest Additions 6.1.49r159549 or 7.0.13r160034 (or newer) in Windows 7|8.1 guests and report back!

Please try VirtualBox 7.0.13r160034 (or newer) on Windows 7|8.1 hosts and report back!

PS: The files can be found on the VirtualBox test builds page.

Edit:
More code signing issues have been fixed, see Re: Discuss the VirtualBox 7.0.12 release here

[FranceBB]

Good news! The VirtualBox code signing issues in VirtualBox 7.0.12 have been fixed

Nice!
I grabbed the new Guest Addition ISO version 160040 and I tried to install the new drivers on Windows 8.1 Pro x64: it worked like a charm!

Screenshot from 2023-11-07 21-37-33.png (91.87 KiB) Viewed 26310 times

A big fat thank you to everyone involved in this and as always to the devs who promptly fixed the issue!

[karabaja4]

Some of the VirtualBox code signing issues in VirtualBox 7.0.12 have been fixed:

Please try the VirtualBox Guest Additions 6.1.49r159549 or 7.0.13r160034 (or newer) in Windows 7|8.1 guests and report back!

Please try VirtualBox 7.0.13r160034 (or newer) on Windows 7|8.1 hosts and report back!

PS: The files can be found on the VirtualBox test builds page.

Can you elaborate on what the root cause was?

[Simple07]

Started with VirtualBox-7.0.10-158379-Win with its VBoxGuestAdditions_7.0.10-158379 (which was working fine).

I upgraded to VirtualBox-7.0.12-159484-Win and tried installing VBoxGuestAdditions_7.0.13-160034, but I got the below error:

Error opening file for writing: C:\Program Files\Oracle\VirtualBox Guest Additions\cert\VBoxCertUtil.exe

Removed VirtualBox-7.0.12-159484-Win and deleted the "C:\Program Files\Oracle" folder and installed VirtualBox-7.0.13-160034-Win then upgraded the VBoxGuestAdditions_7.0.10-158379 to VBoxGuestAdditions_7.0.13-160034 and all seems to be working well now.

Update:
I noticed an issue with USB after first boot, but it disappears after a driver update. I don't remember this happening in previous updates.

[fth0]

Can you elaborate on what the root cause was?

The missing cross-cert, which klaus and I already mentioned in this thread, had to be added to the build servers as a separate file, because it's not contained in any of the Windows certificate stores.

[Boxy]

Please try the VirtualBox Guest Additions 6.1.49r159549 or 7.0.13r160034 (or newer) in Windows 7|8.1 guests and report back!

Host is Win10-64 running VBox 6.1.48.
Asked about GA 6.1.49r159549 in Win7-64 guest: works !
(but shows 6.1.49r159675 in the task tray )

[fth0]

but shows 6.1.49r159675 in the task tray

You can probably ignore that. 159675 was the revision in the VirtualBox 6.1 SVN branch at the last time VirtualBox 6.1.49 was built, but the source files needed to build the GA were unchanged since revision 159549, so the GA build has this smaller revision number.