MaterialDesignInXamlToolkit icon indicating copy to clipboard operation
MaterialDesignInXamlToolkit copied to clipboard

Published 20 hours ago verified publisher icon MaterialDesignInXAML

Windows 11 - Smart App Control

Open hathawcs opened this issue 2 years ago • 6 comments

Windows 11 is introducing Smart App Control. One of the security checks for apps is ensuring that the app and its binaries are signed. Because MaterialDesignInXamlToolkit does not sign its binaries, software using it will be blocked from running when Smart App Control is enabled.

Please sign DLLs produced for MaterialDesignInXamlToolkit.

https://support.microsoft.com/en-us/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003

Note: my project is using v3.2.0 of MaterialDesignThemes due to a dependency on .NET v4.5.

hathawcs avatar Jun 12 '23 16:06 hathawcs

@hathawcs To my knowledge, the assemblies ARE signed. Perhaps they were not signed in version 3.2.0, that I do not know.

nicolaihenriksen avatar Jun 13 '23 08:06 nicolaihenriksen

Both 3.20 and 4.8.0 do not have digital signatures. I believe they are strongly named though:

image

image

A signed component will have a Digital Signatures tab, such as this Microsoft dll:

image

When Smart App Control is in evaluation mode, you can see the failing apps in the Event Viewer. For example:

3076,"Code Integrity determined that a process (snipped) attempted to load \snipped\MaterialDesignThemes.Wpf.dll that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:{1283ac0f-fff1-49ae-ada1-8a933130cad6}). However, due to code integrity auditing policy, the image was allowed to load."

Testing Smart App Control

hathawcs avatar Jun 13 '23 16:06 hathawcs

Both 3.20 and 4.8.0 do not have digital signatures. I believe they are strongly named though

Ah yes, my mistake. The key.snk is used for strong naming of course, not digital signatures.

nicolaihenriksen avatar Jun 13 '23 18:06 nicolaihenriksen

even if the project start signing new releases i don't think they will go back and sign old versions and re-release them you might still have the same problem

ahmed-abdelrazek avatar Jun 15 '23 16:06 ahmed-abdelrazek

even if the project start signing new releases i don't think they will go back and sign old versions and re-release them you might still have the same problem

That may be, but all of the software using MaterialDesignInXaml will fail to run when Smart App Control is enabled as it stands now. If the signing isn't backported to previous releases, users of MaterialDesignInXaml that can't update for "reasons" will be put in a bind.

hathawcs avatar Jun 15 '23 17:06 hathawcs

even if the project start signing new releases i don't think they will go back and sign old versions and re-release them you might still have the same problem

That may be, but all of the software using MaterialDesignInXaml will fail to run when Smart App Control is enabled as it stands now. If the signing isn't backported to previous releases, users of MaterialDesignInXaml that can't update for "reasons" will be put in a bind.

you are assuming that everyone that's going to run a software that uses this library is going to run it on windows 11 and/or going to enable this feature also if it was that important to you and you are going to sign your app anyway your best option might be forking the library build and sign it yourself with the same certificate you used for the app

ahmed-abdelrazek avatar Jun 15 '23 17:06 ahmed-abdelrazek

Closed due to staleness

MichelMichels avatar Mar 31 '24 21:03 MichelMichels