[ofw] Failing Server 2008/Vista mthca.sys driver install

Anatoly Greenblatt anatolyg at voltaire.com
Sun Sep 7 02:52:21 PDT 2008 

Hi Stan,

I think you missed Verisign's cross-certificate: MSCV-VSClass3.cer.

        for %%f in ( *.sys ) do (
            signtool sign /v /ac MSCV-VSClass3.cer /n "Voltaire" %TS%
%%f

Regards,
Anatoly.

-----Original Message-----
From: ofw-bounces at lists.openfabrics.org
[mailto:ofw-bounces at lists.openfabrics.org] On Behalf Of Smith, Stan
Sent: Saturday, September 06, 2008 03:23
To: ofw at lists.openfabrics.org
Subject: [ofw] Failing Server 2008/Vista mthca.sys driver install

Hi,
  Does this error condition make sense to anyone? The driver .sys files
verifies with the .cat file. Installer thinks everything is OK. Deep
down in the basement of Event viewer->code integrity I find the
following.
Any clues to the real error here; seen this before?

Thanks,

Stan.

PS: Server 2003 & XP install the drivers just fine.


Log Name:      Microsoft-Windows-CodeIntegrity/Operational
Source:        Microsoft-Windows-CodeIntegrity
Date:          9/5/2008 2:20:57 PM
Event ID:      3004
Task Category: (1)
Level:         Error
Keywords:
User:          SYSTEM
Computer:      CN07
Description:
Windows is unable to verify the image integrity of the file
\Device\HarddiskVolume1\Windows\System32\drivers\mthca.sys
because file hash could not be found on the system. A recent hardware or
software change
might have installed a file that is signed incorrectly or damaged, or
that might be
malicious software from an unknown source.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-CodeIntegrity"
Guid="{4ee76bd8-3cf4-44a0-a0ac-3937643e37a3}" />
    <EventID>3004</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>1</Task>
    <Opcode>104</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2008-09-05T21:20:57.125Z" />
    <EventRecordID>44</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="72" />
    <Channel>Microsoft-Windows-CodeIntegrity/Operational</Channel>
    <Computer>CN07</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="FileNameLength">58</Data>
    <Data
Name="FileNameBuffer">\Device\HarddiskVolume1\Windows\System32\drivers\m
thca.sys</Data>
  </EventData>
</Event>

How mthca.cat was signed.

Cross cert generation: .pvk + .spc + password --> WinOF_Software_Pub.pfx

.pfx file added to the Personal certificate store of the local
computer that signs the driver.

%CD%=wlh\bin\bin\HCA - amd64 contains all files referenced by mthca.inf
for x64 install

inf2cat /driver:%CD%\amd64 /os:Server2008_X64,Vista_X64

set TS=/t http://timestamp.verisign.com/scripts/timstamp.dll

signtool sign /a /f WinOF_Software_Pub.pfx /p xxx %TS% mthca.cat

signtool verify /kp /v /c mthca.cat mthca.sys

Verifying: mthca.sys
File is signed in catalog: mthca.cat
Signing Certificate Chain:
    Issued to: Class 3 Public Primary Certification Authority
    Issued by: Class 3 Public Primary Certification Authority
    Expires:   8/1/2028 4:59:59 PM
    SHA1 hash: 742C3192E607E424EB4549542BE1BBC53E6174E2

        Issued to: VeriSign Class 3 Code Signing 2004 CA
        Issued by: Class 3 Public Primary Certification Authority
        Expires:   7/15/2014 4:59:59 PM
        SHA1 hash: 197A4AEBDB25F0170079BB8C73CB2D655E0018A4

            Issued to: OpenFabrics Alliance
            Issued by: VeriSign Class 3 Code Signing 2004 CA
            Expires:   8/20/2009 4:59:59 PM
            SHA1 hash: 50AEA9397BD672F24FE4B15CF6461FED5E8EA270

The signature is timestamped: 9/5/2008 11:07:04 AM
Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   12/31/2020 4:59:59 PM
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   12/3/2013 4:59:59 PM
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: VeriSign Time Stamping Services Signer - G2
            Issued by: VeriSign Time Stamping Services CA
            Expires:   6/14/2012 4:59:59 PM
            SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE

Successfully verified: mthca.sys

Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
_______________________________________________
ofw mailing list
ofw at lists.openfabrics.org
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ofw

More information about the ofw mailing list