Windows 8 sideloading and Embarcadero’s Metropolis fake-WinRT framework

Embarcardero’s John Ray Thomas and Jason Vokes spoke to me about the company’s forthcoming RAD Studio XE3 development tool and in particular the new Metropolis framework which creates apps that have the appearance of a Windows 8 “Modern UI” (formerly known as Metro) but which are really desktop applications. Metropolis works with both the Delphi/C++ Builder VCL (Visual Component Library) and also with the newer FireMonkey user interface library.

“It’s a pretty large effort for us to get our compilers and runtime over to WinRT – which we intend to do”, said Thomas. In the meantime though, he argues that “Metro is just a style” and that developers will welcome the ability to “get their desktop apps over but participate in the Metro look and feel.”

End-users, explains Thomas, will not care about the WinRT or Win32 technology, but only notice that some apps have the new style and some do not. “We took the VCL and FireMonkey frameworks and used the styling engines that we introduced in XE2 to allow them to modify the forms to take on the look of those controls, as well as adding features like Windows 8 gesture support, improving the touch handling, and also taking on some of the standard templates like the grid and split views.”

Metropolis also support Live Tiles with update of dynamic content, and even enables apps to show up in the Windows 8 App Bar (which most desktop application do not support). This is done by means of a small WinRT app that is installed with the Metropolis application, and which communicates with it over a REST API – there being no built-in inter-process communication between desktop and WinRT apps. The WinRT app is a kind of proxy that lets the user launch or close the desktop Metropolis app. However access to Windows 8 contracts is not supported. “I think we’re hitting on the key elements that end users are going to expect when they’re working with WinRT applications,” says Thomas.

There is also the issue of how to deploy Metropolis apps. They will not be accepted by the Windows Store (other than perhaps as links to a vendor’s site as with other desktop apps), so how will software vendors get them onto a user’s machine? Getting the Win32 part installed is easy using standard Windows setup tools, but what about the WinRT component, if it is used? The procedure for installing a WinRT app without using the Store is called sideloading; and Microsoft intends that it only happens either for development and testing, or for enterprises deploying line of business applications.

“Sideloading requires a digital certificate and using a Powershell script that we provide to do the deployment,” says Thomas. “They can make that part of their standard desktop installer.”

Clever stuff; but will it work? I did some of my own testing. The most detailed technical article on WinRT app deployment is this one, which describes the  add-appxpackage PowerShell command which I presume Embarcadero is using. Using a Windows 8 Professional machine which does not have a developer licence installed, I was able to install my own WinRT app by trusting the certificate generated by Visual Studio as part of the Appx package, and after setting the key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1

However, although the app installed it did not run.

image

The reason is this:

The computer does not have to be joined to a domain or have an activated sideloading product key before you install provisioned LOB apps. However, the apps will not run until the computer meets this sideloading requirement.

The key statement here concerns the activated sideloading product key. What is this? There is also a reference to it by Microsoft’s Antoine Leblond here:

To enable sideloading of a Metro style app onto a [non domain-joined] PC:

  • Set Group Policy for “Allow all trusted apps to install”. If you cannot use Group Policy, then you can set this through the following setting: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1
  • Verify that the app is signed by a CA that is trusted on the target machines
  • Activate a special product key by using a script on the target machine to enable sideloading. We’ll go into more detail about how the IT admin will acquire the product keys in an upcoming blog post. The product key only needs to be install and activated once on the PC.

The word script is linked to the reference for slmgr.vbs which is used for installing and activating Windows product keys, so although Microsoft has yet to reveal everything about these special product keys, it does sound like something which only makes sense in an enterprise context. A third-party vendor cannot mess with slmgr.vbs, which implies that sideloading will not always work.

Here is a developer who has run into exactly this problem. He wants to be able to deploy “a Win32 app that has a sideloaded WinRT component”. Microsoft’s Tim Heuer says:

I’m pretty sure you’re going to need enterprise SKUs

Maybe Embarcadero has found some setting that makes it work; but even if they have, what if Microsoft made some change to WinRT in the name of security that closes off these loopholes? Or stops the Metropolis REST communication from working?

“Our testing shows that there are switches that can enable that mode and you can set your PowerShell script to do these things,” says Thomas about the latter issue. “We’re going to be working around some of the limitations or additional constraints that Microsoft may put on their environment. We’re going to have to be active in understanding the changes, in talking to Microsoft about it, and updating it as necessary to make it continue to work in their sandboxed environment. It is their environment after all.”

Might there be security risks for the user in opening up holes to make Metropolis apps work? “I don’t think so,” says Thomas. “The WinRT side of it is really just four functions. The fact that they may allow the WinRT app to do this communication I don’t think opens up any kind of security hole.”

Despite Thomas’s reassurance, it seems to me risky to depend on a feature that runs counter to the way the operating system is intended to work.

That said, you can use Metropolis without the WinRT component, though you lose Live Tile support; and in fact such apps will run on older versions of Windows such as XP and Windows 7 as well; though you would have thought that they would make more sense for tablet users who are likely to be running Windows 8 anyway.

Update: this link suggests you could get around the sideloading problem by checking for a development license in a script and renewing if necessary. Make all your users have development licenses though? That does not sound good to me.

2 thoughts on “Windows 8 sideloading and Embarcadero’s Metropolis fake-WinRT framework”

  1. Good opportunity for Linux/BSD/MilaX to make minimal domain controller working in VirtualBox/VirtualPC 🙂

  2. >I’m pretty sure you’re going to need enterprise SKUs
    Really surprised? Complementary I think. Same old story …

Comments are closed.