Closed jamesmistry closed 3 years ago
Darleev
commented
4 years ago Hello @jamesmistry,
We had a similar request in the past where we have discussed all points related to the feature. Please check it by the link..
Unfortunately, due to unpredictable impact, we are not able to add the feature at this time, but we will keep this request on mind and let you know if we have any updates.
In case of any questions, do not hesitate to contact us.
nibanks
commented
3 years ago I would like to request that this be reopened. Several MSFT Windows teams are open sourcing Windows drivers and are leveraging Azure Pipelines for the automation. Currently, with test signing disabled, this forces us to maintain custom, self-hosted agents/machines. With new restrictions on self-hosted agents being put in place we're even more reliant on the default pool machines.
To your comment above related to "unpredictable impact" would you care to elaborate? It's a sandbox environment, right? Anything that breaks is just thrown away anyways. IMO, this "unknown" should not be reason enough to block this feature.
miketimofeev
commented
3 years ago @nibanks are there any drawbacks of the "test-mode" besides the ones provided here?
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/the-testsigning-boot-configuration-option#behavior-of-windows-when-loading-test-signed-code-is-enabled
nibanks
commented
3 years ago I'm not expert enough to be able to claim knowledge of all impacts of enabling test-signing, but generally all Windows testing uses it. Additionally, all our self-host machines always have it enabled and never have any problems. I would be surprised if any app development was affected unless it explicitly depended on test-signed drivers not being able to be loaded. I don't think that kind of behavior should block enabling of this. We should be able to use this for driver development.
nibanks
commented
3 years ago @miketimofeev so are you Ok with enabling test-signing?
miketimofeev
commented
3 years ago @nibanks let's give it a shot on windows-2022 first as it's in beta state at the moment anyway. If there are no complaints for some period of time we can consider enabling it on windows-2019 as well.
nibanks
commented
3 years ago Great! Sounds good. I'm most interested in the older builds, but I'm totally fine with starting with 2022.
BTW, I was thinking, you might want a new Area: Drivers label for things related to drivers and driver development. This and https://github.com/actions/virtual-environments/issues/3858, as well as all the "update WDK" issues would fall into that category.
al-cheb
commented
3 years ago Windows Server 2022 image with enabled Test signing mode has been deployed.
nibanks
commented
3 years ago @al-cheb WS2022 is just the first step. We need this on all Windows versions. My understanding was that we'd start with 2022, and if all goes well (after x weeks?) it'd be enabled for the rest. Can we keep this open until it's everywhere please? WS2022 can't even be used yet anyways because of a number of other issues.
miketimofeev
commented
3 years ago @nibanks let's get back to this in the mid of October. We will track if there is no complaints for win-2022 and then enable the mode on win-2019
nibanks
commented
3 years ago @miketimofeev It's mid-October so I'd like to ask that we enable test signing for win-2019. We've been using test signing on several projects (on 2022) and it's working great.
al-cheb
commented
2 years ago @nibanks, Windows Server 2019 image with enabled Test signing mode has been deployed.
Tool information
Area for Triage: C/C++
Question, Bug, or Feature?: Feature
Virtual environments affected
Note: not tested on Server 2019
Can this tool be installed during the build? No. This requires a reboot.
Tool installation time in runtime Time of a reboot
Are you willing to submit a PR? Yes