9.23.3 not working with Secure Boot enabled, 9.23.2 works.

[claunia]

Hi,

While this problem seems similar to #49 the solution proposed there does not work.

The error shown is the same, the signature cannot be verified and error code 52.
setupdev.log is surprisingly empty so not much help here.

Tried installing TAP-Windows 9.23.3 manually (Win10, Win7 and generic installer), as well as OpenVPN 2.4.7 (Win10 installer). In all these cases the TAP driver shows the error and doesn't work.

Entering the firmware configuration and disabling Secure Boot (while driver signature enforcement is still enabled in Windows 10), the TAP driver works.

Tried installing TAP-Windows 9.23.2 and it works, both with and without Secure Boot.

9.23.3 also works in BIOS based devices, where Secure Boot is not available at all.

The tested Windows 10 was build 17763.

[rozmansi]

Secure Boot enabled computers will accept WHQL signed drivers only.

[claunia]

@rozmansi is there a reason why the official 9.23.2 TAP installer is WHQL signed and the 9.23.3 isn't?

[rozmansi]

I don't believe any of the TAP-Windows6 drivers are WHQL signed yet. Some of them are attestation signed, which is not the same as WHQL signed.

[mattock]

We don't have any WHQL-signed drivers yet. I'm working on it.

[gituser]

Just hit this issue on Windows 10.

Tap driver v9.23.2 -- WORKS FINE
Tap driver v9.23.3 -- ERRORS with signature error

Had to install manually v9.23.2 from here - https://build.openvpn.net/downloads/releases/tap-windows-9.23.2-I601-Win10.exe and reinstall it on top of OpenVPN 2.4.7.

This might be related to certain new Windows 10 update as the issue started happening after Windows 10 update.