kvm-guest-drivers-windows
kvm-guest-drivers-windows copied to clipboard
virtio-win
Add-WindowsDriver pvpanic-pci fails with: the request is not supported
Describe the bug
In a Windows 2022 machine, while building a Windows PE image mounted at $env:WINDOWS_PE_MOUNT_PATH, calling Add-WindowsDriver pvpanic-pci fails with the request is not supported error.
This also happens for the smbus.inf driver.
To Reproduce
Follow the procedure to mount the Windows PE (e.g. like done at https://github.com/rgl/windows-pe-vagrant/blob/master/provision-winpe.ps1), then try the following to include the pvpanic-pci driver into the mounted Windows PE image:
cd virtio-win-0.1.248\pvpanic\2k22\amd64
$driverPath = 'pvpanic-pci.inf'
Add-WindowsDriver -Path $env:WINDOWS_PE_MOUNT_PATH -Driver $driverPath`
Expected behavior
Expected the driver to be successfully added to the Windows PE image.
Host:
- Disto: Windows 2022
- Kernel version: n/a
- QEMU version: 6.2.0 (Debian 1:6.2+dfsg-2ubuntu6.21) (from Ubuntu 22.04)
- QEMU command line: n/a
- libvirt version: n/a
- libvirt XML file: n/a
VM:
- Windows version: Windows 2022 Server.
- Which driver has a problem: pvpanic-pci
- Driver version or commit hash that was used to build the driver: n/a
Please supply QEMU command line.
Also keep in mind that officially we are not supporting Windows PE. So it might take time for us to take a look at the issue. Looks like Windows PE failing ACPI based devices.
Why is the qemu cmdline relevant? I mean, Add-Windows Driver is supposed to just add the driver to the windows driver store? Does it actually load the driver?
So is this SW first scenario (adding driver without having HW device)?
Yes, the VM (which calls Add-WindowsDriver) that is creating the windows pe iso does not have all the virtio HW devices added to qemu.
The idea is to add all of the virtio drivers to the windows pe iso (and not to the VM that is creating the iso), that way, when windows pe runs, it has all the possible virtio drivers baked in.
I can reproduce this issue locally. It turns out the failure is due to the pvpanic-pci binary isn't signed/certified by Microsoft. I suppose WHQL test hasn't been run with pvpanic-pci driver, so the driver isn't signed together with pvpanic driver. This existing pvpanic-pci binary is signed with Redhat signature, this 3rd party signature doesn't satisfy "Add-WindowsDriver". In this case, I would suggest to run WHQL test with pvpanic-pci driver and get it signed/certified by MS, or sign this pvpanic-pci driver by Windows Attestation Signing.
The pvpanic-pci driver in virtio-win-0.1.248 is not attestation signed. Unfortunately, the upcoming public release virtio-win-0.1.262 (which should be available in a week) will also have the same problem. We will fix this issue in the next public release coming after that.
Vadim.
@YanVugenfirer sure. vrozenfe@milly:/run/media/vrozenfe/virtio-win-0.1.266/pvpanic$ tree -f * | grep -i pvpanic-pci ├── 2k16/amd64/pvpanic-pci.cat ├── 2k16/amd64/pvpanic-pci.inf ├── 2k19/amd64/pvpanic-pci.cat ├── 2k19/amd64/pvpanic-pci.inf ├── 2k22/amd64/pvpanic-pci.cat ├── 2k22/amd64/pvpanic-pci.inf │ ├── 2k25/amd64/pvpanic-pci.cat │ ├── 2k25/amd64/pvpanic-pci.inf ├── 2k25/ARM64/pvpanic-pci.cat ├── 2k25/ARM64/pvpanic-pci.inf │ ├── w10/amd64/pvpanic-pci.cat │ ├── w10/amd64/pvpanic-pci.inf │ ├── w10/ARM64/pvpanic-pci.cat │ ├── w10/ARM64/pvpanic-pci.inf ├── w10/x86/pvpanic-pci.cat ├── w10/x86/pvpanic-pci.inf │ ├── w11/amd64/pvpanic-pci.cat │ ├── w11/amd64/pvpanic-pci.inf ├── w11/ARM64/pvpanic-pci.cat ├── w11/ARM64/pvpanic-pci.inf
All of them should be attestation signed.
Best, Vadim.