From d0398da4f9293d31aae8adabfaac5703bccec416 Mon Sep 17 00:00:00 2001 From: Ashleigh Brennan Date: Tue, 5 May 2026 11:54:49 -0500 Subject: [PATCH] CNV-77283: Update RH virtio driver docs --- ...dating-red-hat-virtio-drivers-windows.adoc | 33 +++++++++++++++++++ .../virt-updating-virtio-drivers-windows.adoc | 12 ++++--- ...install-virtio-drivers-on-windows-vms.adoc | 1 - .../virt-update-virtio-drivers.adoc | 6 ++++ 4 files changed, 47 insertions(+), 5 deletions(-) create mode 100644 modules/virt-updating-red-hat-virtio-drivers-windows.adoc diff --git a/modules/virt-updating-red-hat-virtio-drivers-windows.adoc b/modules/virt-updating-red-hat-virtio-drivers-windows.adoc new file mode 100644 index 000000000000..a3d2a88dc233 --- /dev/null +++ b/modules/virt-updating-red-hat-virtio-drivers-windows.adoc @@ -0,0 +1,33 @@ +// Module included in the following assemblies: +// +// * virt/managing_vms/virt-update-virtio-drivers.adoc + +:_mod-docs-content-type: PROCEDURE +[id="virt-updating-red-hat-virtio-drivers-windows_{context}"] += Enable automatic updates for Red{nbsp}Hat virtio-win drivers + +[role="_abstract"] +If the Windows Update service (WUS) is restricted to allow only drivers explicitly signed and published by Microsoft, automatic Red{nbsp}Hat `virtio-win` driver updates are disabled. You must manually complete the required configuration steps to enable automatic updates for Red{nbsp}Hat `virtio-win` drivers on a Windows virtual machine (VM). + +.Prerequisites + +* The cluster must have internet connectivity. Disconnected clusters cannot reach the WUS. + +.Procedure + +. Import the Red Hat Release Certificate into the Trusted Publishers store. ++ +Example command: ++ +[source,powershell] +---- +Import-Certificate -FilePath "redhat-driver-cert.cer" -CertStoreLocation Cert:\LocalMachine\TrustedPublisher +---- + +. In the Group Policy Management Console (GPMC): + +.. Set the `Allow signed updates from an intranet Microsoft update service location` policy to `Enabled`. ++ +If a driver is signed by a certificate in the Trusted Publishers store, it is now accepted, even if it didn't come from Microsoft directly. + +.. Set the `Do not include drivers with Windows Updates` policy to `Disabled`. diff --git a/modules/virt-updating-virtio-drivers-windows.adoc b/modules/virt-updating-virtio-drivers-windows.adoc index d1fd46c9e6ed..d0c8182de090 100644 --- a/modules/virt-updating-virtio-drivers-windows.adoc +++ b/modules/virt-updating-virtio-drivers-windows.adoc @@ -1,18 +1,22 @@ // Module included in the following assemblies: // -// * virt/virtual_machines/creating_vms_custom/virt-installing-qemu-guest-agent.adoc -// * virt/backup_restore/virt-managing-vm-snapshots.adoc +// * virt/managing_vms/virt-update-virtio-drivers.adoc :_mod-docs-content-type: PROCEDURE [id="virt-updating-virtio-drivers-windows_{context}"] = Update VirtIO drivers on a Windows VM [role="_abstract"] -You can update the VirtIO drivers on a Windows virtual machine (VM) by using the Windows Update service. +You can update the VirtIO drivers on a Windows virtual machine (VM) by using the Windows Update service (WUS). + +[IMPORTANT] +==== +If you restrict the WUS to only allow drivers explicitly signed and published by Microsoft, automatic Red{nbsp}Hat `virtio-win` driver updates are disabled. For information about enabling automatic Red{nbsp}Hat VirtIO driver updates, see "Enable automatic updates for Red{nbsp}Hat virtio-win drivers". +==== .Prerequisites -* The cluster must have internet connectivity. Disconnected clusters cannot reach the Windows Update service. +* The cluster must have internet connectivity. Disconnected clusters cannot reach the WUS. .Procedure diff --git a/virt/managing_vms/virt-install-virtio-drivers-on-windows-vms.adoc b/virt/managing_vms/virt-install-virtio-drivers-on-windows-vms.adoc index 7f039ed80063..1693a44de5e2 100644 --- a/virt/managing_vms/virt-install-virtio-drivers-on-windows-vms.adoc +++ b/virt/managing_vms/virt-install-virtio-drivers-on-windows-vms.adoc @@ -40,4 +40,3 @@ include::modules/virt-adding-container-disk-as-cd.adoc[leveloffset=+1] include::modules/virt-installing-virtio-drivers-installing-windows.adoc[leveloffset=+1] include::modules/virt-installing-virtio-drivers-existing-windows.adoc[leveloffset=+1] - diff --git a/virt/managing_vms/virt-update-virtio-drivers.adoc b/virt/managing_vms/virt-update-virtio-drivers.adoc index 80338949dec1..e9b9d7dddb06 100644 --- a/virt/managing_vms/virt-update-virtio-drivers.adoc +++ b/virt/managing_vms/virt-update-virtio-drivers.adoc @@ -9,5 +9,11 @@ toc::[] [role="_abstract"] Update VirtIO drivers in guest operating systems. Using the latest VirtIO drivers increases performance and stability. +include::modules/virt-updating-red-hat-virtio-drivers-windows.adoc[leveloffset=+1] include::modules/virt-updating-virtio-drivers-windows.adoc[leveloffset=+1] +[role="_additional-resources"] +[id="additional-resources_{context}"] +== Additional resources +* link:https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#allow-signed-updates-from-an-intranet-microsoft-update-service-location[Allow signed updates from an intranet Microsoft update service location] +* link:https://learn.microsoft.com/en-us/windows/deployment/update/waas-wu-settings#do-not-include-drivers-with-windows-updates[Do not include drivers with Windows Updates]