Joseph L. Casale
2008-Jun-08 00:23 UTC
[Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
I can''t seem to get an F8 pressed through vnc in time to boot with signature checking disabled to install this, as the drivers are bundled inside the installer I cant sign them ahead of time so I can''t install them. Anyone know the trick here? Thanks! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Florian Manschwetus
2008-Jun-08 10:15 UTC
Re: [Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
Joseph L. Casale schrieb:> I can''t seem to get an F8 pressed through vnc in time to boot with > signature checking disabled to install this, as the drivers are bundled > inside the installer I cant sign them ahead of time so I can''t install > them. > > Anyone know the trick here? > > Thanks! > jlc > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >The cleanest approach is to sign the stuff and set the windows in testsigning mode, then add a second boot entry and all is fine. florian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Joseph L. Casale
2008-Jun-08 15:32 UTC
RE: [Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
>The cleanest approach is to sign the stuff and set the windows in testsigning mode, then add a second boot entry and all is fine. > >florianFlorian, What''s the procedure to sign these, I have the signtool and a test cert created in a new store, but how do you sign them after install? Thanks, jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Florian Manschwetus
2008-Jun-08 16:34 UTC
Re: [Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
Joseph L. Casale schrieb:>> The cleanest approach is to sign the stuff and set the windows in testsigning mode, then add a second boot entry and all is fine. >> >> florian > > Florian, > What''s the procedure to sign these, I have the signtool and a test cert created > in a new store, but how do you sign them after install? > > Thanks, > jlc >You have to sign the driver files (before installing them). I''ll have to look for a mail i send james, found and copied the significant part under the line.;) Florian -------------------------------------------- Here they are: It is quite easy, you have to setup a sw singing cert in your store (cert + priv key), may be also the RootCert of the CA issued the cert, then you have to deliver this cert with the drivers in order to get the servers to trust the ca or tell us where the ca publishes there certificate. then just do the following (this is when PWD is winlh). inline cert the drivers (boot test sign): signtool sign /v /n Florian /t http://timestamp.verisign.com/scripts/timestamp.dll i386\xenhide.sys i386\xennet.sys i386\xenpci.sys i386\xenvbd.sys amd64\xenhide.sys amd64\xennet.sys amd64\xenpci.sys amd64\xenvbd.sys Florian is the firstname of the name used in my University cert, so replace with something that referenzes your certified name (used to locate the key-ring to use), also have a look on the files, mayber you have to add/remove some files to/from the list. generating catalog: inf2cat /drv:. /os:Vista_X86,Server2008_X86,Vista_X64,Server2008_X64 (name follows the entry in the *.inf) signing catalog: signtool sign /v /n Florian /t http://timestamp.verisign.com/scripts/timestamp.dll xengplpv.cat So now put the CA (if it is not trusted already in your and the machines trusted CA store using mmc with cert snapin) may be you have to do this before signing. bcdedit: allow testsigned drivers (for boot): bcdedit /set testsigning 1 copy boot entry in order to enable gplpv: bcdedit /copy {default} /d GPLPV enable gplpv bootoption on this entry: bcdedit /set {f7cbfade-2567-11dd-8eae-00163e000003} loadoptions GPLPV the id could determined using: bcdedit (when the other entry is active) or always using bcdedit /v (shows all ids just look for description field to determine which entry is the correct one) florian _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Joseph L. Casale
2008-Jun-08 16:45 UTC
RE: [Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
>You have to sign the driver files (before installing them). >I''ll have to look for a mail i send james, found and copied the >significant part under the line.;) > >FlorianThanks for the helpful info. So I noticed when there is another boot entry I get the allotted wait time at selection and can make the F8 choice. How does one get at these drivers before installation now that they are bundled in an installer? I am going to roll my snapshot back and choose to install without selecting the drivers and hope it places the copy in the program files directory, then I assume a manual install is what is needed? I am just making a test cert as outlined in http://msdn.microsoft.com/en-us/library/aa906249.aspx The output from the signtool is successful on the copy in the Program Files directory, so that much seems to be working. Thanks! jlc _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Florian Manschwetus
2008-Jun-08 16:59 UTC
Re: [Xen-users] Installing 0.9.7 GPL PV Drivers in Windows Server 2008 x64
Oh, i missed that the release type has changed. So, james please get a CA-Cert certificate and testsign this, so we could get a lot forward. I''ll check this out tomorrow. Florian Joseph L. Casale schrieb:>> You have to sign the driver files (before installing them). >> I''ll have to look for a mail i send james, found and copied the >> significant part under the line.;) >> >> Florian > > Thanks for the helpful info. So I noticed when there is another boot entry > I get the allotted wait time at selection and can make the F8 choice. How > does one get at these drivers before installation now that they are bundled > in an installer? I am going to roll my snapshot back and choose to install > without selecting the drivers and hope it places the copy in the program files > directory, then I assume a manual install is what is needed? > > I am just making a test cert as outlined in http://msdn.microsoft.com/en-us/library/aa906249.aspx > The output from the signtool is successful on the copy in the Program Files > directory, so that much seems to be working. > > Thanks! > jlc >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users