I am trying to download the Vivado HLx Webpack 2016.2 Web Installer for Win64, and my browsers are saying the signature is corrupt or invalid.
I am using Windows 10, as an administrator, and do not have any antivirus or firewall other than what is built into Windows 10. I am logged into the Xilinx website using my credentials.
I have tried with multiple browsers and I get the same error:
The Xilinx_Vivado_SDK_2016.2_0605_1_Win64.exe is signed, so you can ignore the message for now and go ahead to the download directory and run the application. If messages appear stating that there is an unknown publisher, you can choose to run anyway. It will install without issues.
From the Microsoft Security Advisory:
"Microsoft has released a SHA-1 code sign deprecation change effective January 1, 2016, focused on client activity that can only occur when a customer downloads files from the Internet. This change is specific to a new default setting for Windows and customers can override or augment the default settings in their environment.For customers running either Internet Explorer or Microsoft Edge who download a SHA-1 signed file from the Internet that is timestamped and released on January 1, 2016, or later, SmartScreen will mark the file as not trusted. This status does not prevent customers from downloading the file or running these browsers on their computers. But customers are warned of the not trusted status of the file.This change only affects Mark-of-the-Web (MOTW) files downloaded from the Internet. Files timestamped before January 1, 2016, will continue to be trusted. Drivers with signatures verified by Code Integrity are not affected by this change."
For Vivado 2016.3 release files, Xilinx will apply a new certificate to match the updated Microsoft requirement.