Windows 10 Cloud: UMCI addendum to Part 2

Windows 10 Cloud uses strongly enforced UMCI to make unsigned applications not work.

In the system, sensitive entry points such as cmd, powershell, cscript, regedit, reg, and more are considered as unsigned, so that they would be locked down by UMCI.

bash.exe, with its recent interop features permits workarounding some* of those restrictions, by enabling testsigning mode.

test@testvm$ /mnt/c/Windows/System32/bcdedit.exe /set {default} testsigning on

test@testvm$ /mnt/c/Windows/System32/bcdedit.exe /set {default} nointegritychecks on

Which only works when Secure Boot is enabled. As such, this Windows SKU depends on Secure Boot for its security system.

UMCI is a(n anti)feature enforced at the Licensing level.

* blocked apps included in Windows will continue to not run, but the point is moot as you can resign them.

Leave a Reply

Your email address will not be published. Required fields are marked *