Onboard Kernel Tests to GitHub (w/ Signing Fixes) (#3699)

.azure/templates/build-config-winkernel.yml

@@ -8,7 +8,7 @@ jobs:
 - job: build_winkernel_${{ parameters.arch }}
   displayName: ${{ parameters.arch }} ${{ parameters.config }}
   pool:
-    vmImage: windows-2019
+    vmImage: windows-2022
   steps:
   - checkout: self
     path: msquic
@@ -18,7 +18,7 @@ jobs:
     inputs:
       pwsh: true
       filePath: scripts/prepare-machine.ps1
-      arguments: -ForBuild -ForKernel -InstallCoreNetCiDeps
+      arguments: -ForBuild -ForKernel
 
   - task: NuGetCommand@2
     displayName: Nuget Restore

.github/workflows/bvt.yml

@@ -127,48 +127,50 @@ jobs:
         name: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.tls }}${{ matrix.systemcrypto }}${{ matrix.xdp }}${{ matrix.qtip }}${{ matrix.sanitize }}
         path: artifacts
 
-  # TODO: Get this working
-  # bvt-kernel:
-  #   name: BVT Kernel
-  #   needs: []
-  #   strategy:
-  #     fail-fast: false
-  #     matrix:
-  #       os: ['windows-2022']
-  #       arch: [x64]
-  #       tls: [schannel]
-  #   runs-on: ${{ matrix.os }}
-  #   steps:
-  #   - name: Checkout repository
-  #     uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
-  #   - name: Prepare Machine
-  #     shell: pwsh
-  #     run: scripts/prepare-machine.ps1 -ForBuild -ForTest -ForKernel
-  #   - name: Add msbuild to PATH
-  #     uses: microsoft/setup-msbuild@34cfbaee7f672c76950673338facd8a73f637506
-  #   - name: Nuget Restore
-  #     shell: pwsh
-  #     run: msbuild msquic.kernel.sln -t:restore /p:RestorePackagesConfig=true /p:Configuration=Debug /p:Platform=${{ matrix.arch }}
-  #   - name: Build Kernel
-  #     shell: pwsh
-  #     run: msbuild msquic.kernel.sln /p:Configuration=Debug /p:Platform=${{ matrix.arch }} /p:QUIC_VER_SUFFIX=-official
-  #   - name: Build User
-  #     shell: pwsh
-  #     run: scripts/build.ps1 -Config Debug -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -DisableTools -DisablePerf
-  #   - name: Install ETW Manifest
-  #     shell: pwsh
-  #     run: |
-  #       $MsQuicDll = ".\artifacts\bin\windows\${{ matrix.arch }}_Debug_${{ matrix.tls }}\msquic.dll"
-  #       $ManifestPath = ".\src\manifest\MsQuicEtw.man"
-  #       wevtutil.exe um $ManifestPath
-  #       wevtutil.exe im $ManifestPath /rf:$($MsQuicDll) /mf:$($MsQuicDll)
-  #   - name: Test
-  #     shell: pwsh
-  #     timeout-minutes: 90
-  #     run: scripts/test.ps1 -Config Debug -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -GHA -LogProfile Full.Light -GenerateXmlResults -Kernel
-  #   - name: Upload on Failure
-  #     uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
-  #     if: failure()
-  #     with:
-  #       name: ${{ matrix.os }}-winkernel-${{ matrix.arch }}-${{ matrix.tls }}
-  #       path: artifacts
+  bvt-kernel:
+    name: BVT Kernel
+    needs: []
+    strategy:
+      fail-fast: false
+      matrix:
+        os: ['windows-2022']
+        arch: [x64]
+        tls: [schannel]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+    - name: Prepare Machine
+      shell: pwsh
+      run: scripts/prepare-machine.ps1 -ForBuild -ForTest -ForKernel
+    - name: Add msbuild to PATH
+      uses: microsoft/setup-msbuild@34cfbaee7f672c76950673338facd8a73f637506
+    - name: Nuget Restore
+      shell: pwsh
+      run: msbuild msquic.kernel.sln -t:restore /p:RestorePackagesConfig=true /p:Configuration=Debug /p:Platform=${{ matrix.arch }}
+    - name: Build Kernel
+      shell: pwsh
+      run: msbuild msquic.kernel.sln /p:Configuration=Debug /p:Platform=${{ matrix.arch }} /p:QUIC_VER_SUFFIX=-official /p:QUIC_VER_GIT_HASH=${{ github.sha }}
+    - name: Build User
+      shell: pwsh
+      run: scripts/build.ps1 -Config Debug -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -DisableTools -DisablePerf
+    - name: Sign Kernel
+      shell: pwsh
+      run: scripts/sign.ps1 -Config Debug -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }}
+    - name: Install ETW Manifest
+      shell: pwsh
+      run: |
+        $MsQuicDll = ".\artifacts\bin\windows\${{ matrix.arch }}_Debug_${{ matrix.tls }}\msquic.dll"
+        $ManifestPath = ".\src\manifest\MsQuicEtw.man"
+        wevtutil.exe um $ManifestPath
+        wevtutil.exe im $ManifestPath /rf:$($MsQuicDll) /mf:$($MsQuicDll)
+    - name: Test
+      shell: pwsh
+      timeout-minutes: 90
+      run: scripts/test.ps1 -Config Debug -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -GHA -LogProfile Full.Light -GenerateXmlResults -Kernel -Filter -*ValidateConfiguration:*ValidAlpnLengths:*ResumeRejection*:*ClientCertificate*:*LoadBalanced*
+    - name: Upload on Failure
+      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+      if: failure()
+      with:
+        name: ${{ matrix.os }}-winkernel-${{ matrix.arch }}-${{ matrix.tls }}
+        path: artifacts

scripts/prepare-machine.ps1

@@ -59,7 +59,7 @@ param (
     [switch]$InitSubmodules,
 
     [Parameter(Mandatory = $false)]
-    [switch]$InstallSigningCertificate,
+    [switch]$InstallSigningCertificates,
 
     [Parameter(Mandatory = $false)]
     [switch]$InstallTestCertificates,
@@ -129,10 +129,6 @@ if ($UseXdp) {
     }
 }
 
-if ($InstallDuoNic) {
-    $InstallCoreNetCiDeps = $true;
-}
-
 if (!$ForOneBranch -and !$ForOneBranchPackage -and !$ForBuild -and !$ForTest -and !$InstallXdpDriver -and !$UninstallXdp) {
     # When no args are passed, assume we want to build and test everything
     # locally (i.e. a dev environment). Set Tls to OpenSSL to make sure
@@ -149,15 +145,15 @@ if ($ForBuild) {
     $InstallJom = $true
     $InstallXdpSdk = $true
     $InitSubmodules = $true
+    $InstallCoreNetCiDeps = $true; # For kernel signing certs
 }
 
 if ($ForTest) {
     # When configured for testing, make sure we have all possible dependencies
     # enabled for any possible test.
-    $InstallSigningCertificate = $true
     $InstallTestCertificates = $true
-
     $InstallClog2Text = $true
+    $InstallSigningCertificates = $true; # For kernel drivers
 
     #$InstallCodeCoverage = $true # Ideally we'd enable this by default, but it
                                   # hangs sometimes, so we only want to install
@@ -167,6 +163,16 @@ if ($ForTest) {
 if ($InstallXdpDriver) {
     # The XDP SDK contains XDP driver, so ensure it's downloaded.
     $InstallXdpSdk = $true
+    $InstallSigningCertificates = $true;
+}
+
+if ($InstallDuoNic) {
+    $InstallSigningCertificates = $true;
+}
+
+if ($InstallSigningCertificates) {
+    # Signing certs need the CoreNet-CI dependencies.
+    $InstallCoreNetCiDeps = $true;
 }
 
 # Root directory of the project.
@@ -194,6 +200,26 @@ function Download-CoreNet-Deps {
     }
 }
 
+# Installs the certs downloaded via Download-CoreNet-Deps and used for signing
+# our test drivers.
+function Install-SigningCertificates {
+    if (!$IsWindows) { return } # Windows only
+
+    # Check to see if test signing is enabled.
+    $HasTestSigning = $false
+    try { $HasTestSigning = ("$(bcdedit)" | Select-String -Pattern "testsigning\s+Yes").Matches.Success } catch { }
+    if (!$HasTestSigning) { Write-Error "Test Signing Not Enabled!" }
+
+    Write-Host "Installing driver signing certificates"
+    try {
+        CertUtil.exe -addstore Root "$SetupPath\CoreNetSignRoot.cer"
+        CertUtil.exe -addstore TrustedPublisher "$SetupPath\CoreNetSignRoot.cer"
+        CertUtil.exe -addstore Root "$SetupPath\testroot-sha2.cer" # For duonic
+    } catch {
+        Write-Host "WARNING: Exception encountered while installing signing certs. Drivers may not start!"
+    }
+}
+
 # Downloads the latest version of XDP (for building).
 function Install-Xdp-Sdk {
     if (!$IsWindows) { return } # Windows only
@@ -227,12 +253,6 @@ function Install-Xdp-Driver {
         Write-Error "XDP installation failed: driver file not present"
     }
 
-    Write-Host "Installing XDP certificate"
-    try {
-        CertUtil.exe -addstore Root "$XdpPath\bin\CoreNetSignRoot.cer"
-        CertUtil.exe -addstore TrustedPublisher "$XdpPath\bin\CoreNetSignRoot.cer"
-    } catch { }
-
     Write-Host "Installing XDP driver"
     netcfg.exe -l "$XdpPath\bin\xdp.inf" -c s -i ms_xdp
 }
@@ -252,17 +272,6 @@ function Uninstall-Xdp {
 # Installs DuoNic from the CoreNet-CI repo.
 function Install-DuoNic {
     if (!$IsWindows) { return } # Windows only
-    # Check to see if test signing is enabled.
-    $HasTestSigning = $false
-    try { $HasTestSigning = ("$(bcdedit)" | Select-String -Pattern "testsigning\s+Yes").Matches.Success } catch { }
-    if (!$HasTestSigning) { Write-Error "Test Signing Not Enabled!" }
-
-    # Install the test root certificate.
-    Write-Host "Installing test root certificate"
-    $RootCertPath = Join-Path $SetupPath "testroot-sha2.cer"
-    if (!(Test-Path $RootCertPath)) { Write-Error "Missing file: $RootCertPath" }
-    certutil.exe -addstore -f "Root" $RootCertPath
-
     # Install the DuoNic driver.
     Write-Host "Installing DuoNic driver"
     $DuoNicPath = Join-Path $SetupPath duonic
@@ -359,21 +368,6 @@ function Win-SupportsCerts {
     return $true
 }
 
-# Creates and installs a certificate to use for local signing.
-function Install-SigningCertificate {
-    if (!$IsWindows -or !(Win-SupportsCerts)) { return } # Windows only
-    if (!(Test-Path c:\CodeSign.pfx)) {
-        Write-Host "Creating signing certificate"
-        $CodeSignCert = New-SelfSignedCertificate -Type Custom -Subject "CN=MsQuicTestCodeSignRoot" -FriendlyName MsQuicTestCodeSignRoot -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider" -KeyExportPolicy Exportable -NotAfter(Get-Date).AddYears(1) -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.6","2.5.29.19 = {text}")
-        $CodeSignCertPath = Join-Path $Env:TEMP "CodeSignRoot.cer"
-        Export-Certificate -Type CERT -Cert $CodeSignCert -FilePath $CodeSignCertPath
-        CertUtil.exe -addstore Root $CodeSignCertPath
-        Export-PfxCertificate -Cert $CodeSignCert -Password $PfxPassword -FilePath c:\CodeSign.pfx
-        Remove-Item $CodeSignCertPath
-        Remove-Item $CodeSignCert.PSPath
-    }
-}
-
 # Creates and installs certificates used for testing.
 function Install-TestCertificates {
     if (!$IsWindows -or !(Win-SupportsCerts)) { return } # Windows only
@@ -515,6 +509,7 @@ if ($InitSubmodules) {
 }
 
 if ($InstallCoreNetCiDeps) { Download-CoreNet-Deps }
+if ($InstallSigningCertificates) { Install-SigningCertificates }
 if ($InstallDuoNic) { Install-DuoNic }
 if ($InstallXdpSdk) { Install-Xdp-Sdk }
 if ($InstallXdpDriver) { Install-Xdp-Driver }
@@ -522,7 +517,6 @@ if ($UninstallXdp) { Uninstall-Xdp }
 if ($InstallNasm) { Install-NASM }
 if ($InstallJOM) { Install-JOM }
 if ($InstallCodeCoverage) { Install-OpenCppCoverage }
-if ($InstallSigningCertificate) { Install-SigningCertificate }
 if ($InstallTestCertificates) { Install-TestCertificates }
 
 if ($IsLinux) {

scripts/run-gtest.ps1

@@ -173,6 +173,16 @@ function LogErr($msg) {
     }
 }
 
+function LogFatal($msg) {
+    if ($AZP -and !$ErrorsAsWarnings) {
+        Write-Error "##vso[task.LogIssue type=error;][$(Get-Date)] $msg"
+    } elseif ($GHA -and !$ErrorsAsWarnings) {
+        Write-Error "::error::[$(Get-Date)] $msg"
+    } else {
+        Write-Error "[$(Get-Date)] $msg"
+    }
+}
+
 # Make sure the test executable is present.
 if (!(Test-Path $Path)) {
     Write-Error "$($Path) does not exist!"
@@ -770,32 +780,23 @@ if ($IsWindows -and $EnableAppVerifier) {
     }
 }
 
+$DriverPath = (Split-Path $Path -Parent)
+
 # Install the kernel mode drivers.
 if ($Kernel -ne "") {
     if ($null -ne (Get-Service -Name "msquicpriv" -ErrorAction Ignore)) {
-        try {
-            net.exe stop msquicpriv /y | Out-Null
-        }
-        catch {}
+        try { net.exe stop msquicpriv /y | Out-Null } catch {}
         sc.exe delete msquicpriv /y | Out-Null
     }
     if ($null -ne (Get-Service -Name "msquictestpriv" -ErrorAction Ignore)) {
-        try {
-            net.exe stop msquictestpriv /y | Out-Null
-        }
-        catch {}
+        try { net.exe stop msquictestpriv /y | Out-Null } catch {}
         sc.exe delete msquictestpriv /y | Out-Null
     }
-    Copy-Item (Join-Path $Kernel "msquictestpriv.sys") (Split-Path $Path -Parent)
-    Copy-Item (Join-Path $Kernel "msquicpriv.sys") (Split-Path $Path -Parent)
+    Copy-Item (Join-Path $Kernel "msquictestpriv.sys") $DriverPath -Force
+    Copy-Item (Join-Path $Kernel "msquicpriv.sys") $DriverPath -Force
 
-    $SignTool = Get-WindowsKitTool -Tool "signtool.exe"
-
-    if (Test-Path c:\CodeSign.pfx) {
-        & $SignTool sign /f C:\CodeSign.pfx -p "placeholder" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256  (Join-Path (Split-Path $Path -Parent) "msquicpriv.sys")
-        & $SignTool sign /f C:\CodeSign.pfx -p "placeholder" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256  (Join-Path (Split-Path $Path -Parent) "msquictestpriv.sys")
-    }
-    sc.exe create "msquicpriv" type= kernel binpath= (Join-Path (Split-Path $Path -Parent) "msquicpriv.sys") start= demand | Out-Null
+    Log "Creating msquicpriv service"
+    sc.exe create "msquicpriv" type= kernel binpath= (Join-Path $DriverPath msquicpriv.sys) start= demand | Out-Null
     if ($LastExitCode) {
         Log ("sc.exe " + $LastExitCode)
     }
@@ -805,10 +806,20 @@ if ($Kernel -ne "") {
             Log ("verifier.exe " + $LastExitCode)
         }
     }
-    net.exe start msquicpriv
+
+    Log "Starting msquicpriv service"
+    sc.exe start msquicpriv
     if ($LastExitCode) {
         Log ("net.exe " + $LastExitCode)
     }
+
+    try {
+        if ("Running" -ne (Get-Service -Name msquicpriv).Status) {
+            LogFatal "msquicpriv isn't running"
+        }
+    } catch {
+        LogFatal "msquicpriv query failed"
+    }
 }
 
 if ($IsWindows -and $EnableSystemVerifier) {
@@ -885,6 +896,8 @@ try {
         net.exe stop msquicpriv /y | Out-Null
         sc.exe delete msquictestpriv | Out-Null
         sc.exe delete msquicpriv | Out-Null
+        Remove-Item (Join-Path $DriverPath msquicpriv.sys) -Force
+        Remove-Item (Join-Path $DriverPath msquictestpriv.sys) -Force
     }
 
     if ($IsWindows -and $EnableSystemVerifier) {

scripts/sign.ps1

@@ -74,18 +74,16 @@ $DriverFiles = @(
     (Join-Path $ArtifactsDir "msquic.sys"),
     (Join-Path $ArtifactsDir "msquicpriv.sys"),
     (Join-Path $ArtifactsDir "secnetperfdrv.sys"),
-    (Join-Path $ArtifactsDir "secnetperfdrvpriv.sys")
+    (Join-Path $ArtifactsDir "secnetperfdrvpriv.sys"),
+    (Join-Path $ArtifactsDir "msquictestpriv.sys")
 )
 
-# Verify all the files are present.
-foreach ($File in $DriverFiles) {
-    if (!(Test-Path $File)) {
-        Write-Error "$File does not exist!"
-    }
-}
-
 # Sign the driver files.
 foreach ($File in $DriverFiles) {
-    & $SignToolPath sign /f $CertPath -p "placeholder" /fd SHA256 $File
-    if ($LastExitCode) { Write-Error "signtool.exe exit code: $LastExitCode" }
+    if (!(Test-Path $File)) {
+        Write-Host "Warning: $File does not exist! Skipping signing."
+    } else {
+        & $SignToolPath sign /f $CertPath -p "placeholder" /fd SHA256 $File
+        if ($LastExitCode) { Write-Error "signtool.exe exit code: $LastExitCode" }
+    }
 }

src/bin/winkernel/msquic.kernel.vcxproj

@@ -50,6 +50,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/bin/winkernel/msquicpriv.kernel.vcxproj

@@ -50,6 +50,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/core/core.kernel.vcxproj

@@ -111,6 +111,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/manifest/manifest.kernel.vcxproj

@@ -31,6 +31,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/perf/bin/secnetperfdriver.kernel.vcxproj

@@ -45,6 +45,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/perf/bin/secnetperfdriverpriv.kernel.vcxproj

@@ -45,6 +45,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/perf/lib/perflib.kernel.vcxproj

@@ -42,6 +42,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/platform/platform.kernel.vcxproj

@@ -45,6 +45,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/test/bin/winkernel/msquictest.kernel.vcxproj

@@ -49,6 +49,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/test/bin/winkernel/msquictestpriv.kernel.vcxproj

@@ -49,6 +49,7 @@
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>

src/test/lib/testlib.kernel.vcxproj

@@ -53,6 +53,7 @@
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <_NT_TARGET_VERSION>0x0A00000A</_NT_TARGET_VERSION>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)'=='Debug'" Label="Configuration">
     <UseDebugLibraries>true</UseDebugLibraries>