Installing-signed-GPLPV-drivers

From Univention Wiki

Jump to: navigation, search

The GPLPV driver is a driver for Microsoft Windows, which enables Windows DomU systems virtualised in Xen to access the network and block drivers of the Xen Dom0. This provides a significant performance and reliability gain over the standard devices emulated by Xen/QEMU.

The GPLPV driver is a free software driver developed by James Harper. He maintains the sources in the Xen.org mercurial version control system, but the current official build are only test-signed, i.e. they are not recognised to be trusted Windows drivers. While this doesn't pose problems for older versions of Windows (for which you only need to acknowledge a warning during installation), the 64 bit version of Windows Vista / 7 / 8 / 2008 server / 2012 server enforce the use of signed drivers. The only workaround for these drivers is to enable the test mode using bcdedit. This, however, has the disadvantage that a note about the test mode is displayed on the desktop and that using the test mode voids the warranty of some applications.

Feedback can be provided using email.

UCS Virtual Machine Manager for different virtualization technologies

The UCS Virtual Machine Manager (UVMM) is a high-performance and cost-efficient administration tool to virtualize and centrally manage IT infrastructure. It is a default component in Univention Corporate Server. Further information on UVMM can be found at http://www.univention.com/products/ucs/ucs-components/virtualization/

Installing signed GPLPV drivers in Windows Xen instances

Univention provides the GPLPV drivers signed with a Software Publishers Certificate obtained from the VeriSign CA. This allows you to run the drivers without the need of enabling the test mode.

In Univention Corporate Server the GPLPV drivers are included in the form of ISO images, which can be added in the drive settings of the UCS Virtual Machine Manager. A UCS ISO image can be downloaded at: https://www.univention.com/download-and-support/ucs-download/ Alternatively, the drivers are available at: http://apt.univention.de/download/addons/gplpv-drivers/ .

The sources were obtained from http://xenbits.xensource.com/ext/win-pvdrivers.

The directory includes SHA256 hashes of the individual MSI files in the file hashes-0.11.0.372.txt.asc. This file is signed with the PGP key used for the security updates for Univention Corporate Server (F510AADA).

There are different MSI installer packages for the various Windows releases, which can be started with a simple double click. The "typical" installation should cover most use cases. The Windows installations need to be updated to the current service packs before installing the GPLPV drivers. E.g., using the GPLPV driver on Windows XP w/o SP3 is not possible.

Windows versions Driver packages
64 Bit - Windows Server 2012

64 Bit - Windows Server 2008 R2
64 Bit - Windows Server 2008
64 Bit - Windows 8
64 Bit - Windows 7
64 Bit - Windows Vista

gplpv_Vista2008x64_0.11.0.372.msi
32Bit - Windows Server 2008

32Bit - Windows 8
32Bit - Windows 7
32Bit - Windows Vista

gplpv_Vista2008x32_0.11.0.372.msi
64 Bit - Windows Server 2003 gplpv_2003x64_0.11.0.372.msi
32 Bit - Windows Server 2003 gplpv_2003x32_0.11.0.372.msi
32 Bit - Windows Server 2000 gplpv_2000_signed_0.11.0.372.msi
32 Bit - Windows XP gplpv_XP_signed_0.11.0.372.msi

After successful installation "Xen Net Device Driver" and "Xen Block Device Driver" can be found in the device manager.

Updating from test-signed GPLPV drivers

Upgrading an installation with the test-signed drivers involves a few additional steps:

1. Download http://www.meadowcourt.org/downloads/gplpv_uninstall_bat.zip and extract uninstall_0.10.x.bat out of the ZIP archive.

2. The test-signed drivers need to be removed in the system settings module fo uninstalling software. The component to be uninstalled is labelled "GPL PV Drivers for Windows", the five subelemenents below are deinstalled along with the main package. The final question, whether the system should be rebooted now, needs to be answered with "No".

3. Execute uninstall_0.10.x.bat

4. Reboot the system.

5. Now the Univention-signed MSI package can be installed as described above. After successul installation the system must be rebooted.

6. Finally test mode can be deactivated by entering the command "bcdedit /set testsigning off". This setting only takes effect after a reboot.

Personal tools