VirtualBox

Ticket #13882 (closed defect: worksforme)

Opened 7 years ago

Last modified 7 years ago

CERT_E_CHAINING error on self signed Nvidia files

Reported by: kptkill Owned by:
Component: other Version: VirtualBox 4.3.22
Keywords: Cc:
Guest type: other Host type: other

Description

Receiving the following error on self signed Nvidia drivers:

WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'

WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll'

WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Windows\System32\nvinitx.dll'

Attachments

VBoxStartup.log Download (464.9 KB) - added by kptkill 7 years ago.
VBoxStartup.log showing error
2015-02-22 21_20_36-Digital Signature Details.png Download (7.7 KB) - added by kptkill 7 years ago.
2015-02-22 18_36_21-coprocmanager.png Download (12.7 KB) - added by kptkill 7 years ago.

Change History

Changed 7 years ago by kptkill

VBoxStartup.log showing error

Changed 7 years ago by kptkill

Changed 7 years ago by kptkill

comment:1 Changed 7 years ago by bird

  • Status changed from new to closed
  • Resolution set to worksforme

Three is nothing wrong here, you're just confused by the log file. "supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)" overrides the previous "supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on ..." message in every case. That is to say, we've used an alternative way of checking the authenticity of the DLLs via windows APIs. (This DLL and its signature was already checked out by our own signature verification code.)

Btw. the NVIDIA DLLs aren't self signed, they have a sub CA certificate "CN=NVIDIA Subordinate CA 2014, DC=nvidia, DC=com" issued to them by "CN=Microsoft Digital Media Authority 2005". This microsoft root CA certificate isn't found by the WinVerifyTrust API and it thus returns CERT_E_CHAINING as it cannot anchor the trust chain. Microsoft doesn't appear to install this certificate as a trusted root certificate by default, they probably have a reason for this, though it escapes me. Both AMD/ATI and Intel have similar subordinate CA certificates, btw.

Last edited 7 years ago by bird (previous) (diff)
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use