Zerotierone: Windows ARM64 PORT_ERROR
Guessing this is an upstream (OpenVPN TAP/NDIS) issue, but unable to:
a) install the driver without first disabling driver signing (Windows 10 1909)
b) getting PORT_ERROR when attempting to connect, because even with driver signing disabled and manual installation of NDIS driver, it's still not fully compatible with Win32 emulation on Surface X/working functionality isn't there for ARM64.
Tried compiling from source for ARM64 arch but still encountered the same PORT_ERROR. Upstream OpenVPN/Viscosity client does support Windows ARM64 (tested and works on Surface X) so I'm curious what needs to be brought back over to ZeroTier: https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-2/
Update: Reviewing OpenVPN's TAP driver, NDIS 6.30 is where ARM64 functionality for Windows 10 came about. ZT appears to be using NDIS5 still, so I'm not sure if this is something that can be easily ported.
rgnv
All 13 comments
Could you attach C:ProgramDataZeroTierOneport_error_log.txt?
bradsoto
on 28 Feb 2020
Just a single line repeating:
93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed
rgnv
on 28 Feb 2020
Did you build an arm64 driver? Did you self-sign it and enable test mode? (See https://github.com/zerotier/ZeroTierOne/pull/1147)
I think this error is because the setupapi.dll that is loaded by ZT1 must match the arch of the driver, and the arch of the driver must match the arch of the system. In our case arm64.
bradsoto
on 28 Feb 2020
Yeah we don't have support for Windows on ARM64 yet.
glimberg
on 28 Feb 2020
I had limited success compiling the OpenVPN NDIS6 driver and getting zt to see it/initialize, but didn't get any further due to time. At this point it's not a high priority for me as I ended up getting a gl.iNET hotspot with zt built in that's my go-to roadwarrior device.
rgnv
on 28 Feb 2020
What are your steps to get ZT to use openvpn's driver? They released an official build of the driver.
bradsoto
on 28 Feb 2020
It's not a direct copy of the OpenVPN driver. The current driver is based on the OpenVPN NDIS6 code, but some customization had to be done to get proper support for multicast.
glimberg
on 28 Feb 2020
Just a single line repeating:
93afae5963af3b08: unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed
i'm getting the same messages, repeated each time I tried to install. Contents of port_error_log:
"unable to create new device instance: SetupDiCallClassInstaller(DIF_REGISTERDEVICE) failed"
Fresh new laptop:
OS Name Microsoft Windows 10 Home
Version 10.0.19041 Build 19041
System Type ARM64-based PC
Processor Snapdragon (TM) 850 @ 2.96 GHz, 2956 Mhz, 8 Core(s), 8 Logical Processor(s)
Anybody else with similar processor + windows 10?
amp9020
on 1 Jun 2020
To quote myself from 4 posts above:
Yeah we don't have support for Windows on ARM64 yet.
glimberg
on 1 Jun 2020
To quote myself from 4 posts above:
Yeah we don't have support for Windows on ARM64 yet.
I understand your statement. Hopefully it may be ported one day.
I tried to port it over and found some success.
1>------ Rebuild All started: Project: TapDriver6, Configuration: Win10_Debug ARM64 ------
1>Building 'TapDriver6' with toolset 'WindowsKernelModeDriver10.0' and the 'Windows Driver' target platform.
1>Stamping ARM64Win10_Debugzttap300.inf
1>adapter.c
1>device.c
1>error.c
1>macinfo.c
1>mem.c
1>oidrequest.c
1>rxpath.c
1>tapdrvr.c
1>txpath.c
1>resource.h(36): warning RC4005: '_USE_DECLSPECS_FOR_SAL' : redefinition
1>
1>resource.h(1398): warning RC4005: '_WIN32_WINNT' : redefinition
1>
1>Generating code
1>Finished generating code
1>TapDriver6.vcxproj -> C:SDKZeroTierOne-masterwindowsARM64Win10_Debugzttap300.sys
1>Done Adding Additional Store
1>Successfully signed: C:SDKZeroTierOne-masterwindowsARM64Win10_Debugzttap300.sys
1>
1>Driver is 'Windows Driver'.
1>........................
1>Signability test complete.
1>
1>Errors:
1>None
1>
1>Warnings:
1>None
1>
1>Catalog generation complete.
1>C:SDKZeroTierOne-masterwindowsARM64Win10_DebugTapDriver6zttap300.cat
1>Done Adding Additional Store
1>Successfully signed: C:SDKZeroTierOne-masterwindowsARM64Win10_DebugTapDriver6zttap300.cat
1>
1>Done building project "TapDriver6.vcxproj".
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
When I take the build over to the Arm64 laptop, and do a right click Install, I get an error message:
"The third-party INF does not contain digital signature information"
Any clues ?
thanks,
amp9020
on 5 Jun 2020
It's not signed with a valid EV driver signing certificate
:)
glimberg
on 5 Jun 2020
a valid EV driver signing certificate
Christ. Okay.
So to make Windows better, Microsoft made it harder to develop on unless you fork out $$$.
In the past we were able to successfully distribute unsigned driver packages that worked fine in Windows. I see this change as a positive but also a bit more difficult to develop on.
Do you think I can disable Device Driver Signing in Windows 10 for testing purposes?
I see some articles but really dont want to tamper unless I need to go there.
Figured I would ask about before deep diving more. I'm willing to using the laptop for test purposes.
Otherwise than that, I think I'll give up for now. thanks again.
amp9020
on 5 Jun 2020
to top off the EV certificate, I think Windows drivers also need to be cosigned by Microsoft now as well. Just to make it even more difficult
I haven't done it in a long time, but it is possible to disable driver signing. IIRC, disabling driver signing in Windows 10 is a boot time option. And it's not sticky so if you reboot, you'll be back to normal driver signing rules.
glimberg
on 5 Jun 2020
Related issues
williamheinz
路
5Comments
bstin
路
3Comments
tim77
路
4Comments
paweljacewicz
路
4Comments
gdamore
路
5Comments