IOCTL_HAL_GET_IMAGE_SIGNED_STATE (Windows Embedded CE 6.0)
1/5/2010
This IOCTL is used to retrieve the signed state of an OS image.
Parameters
- dwIoControlCode
[in] Set to IOCTL_HAL_GET_IMAGE_SIGNED_STATE.
- lpInBuf
[in] Set to NULL; not used.
- nInBufSize
[in] Set to zero; not used.
lpOutBuf
[out] Pointer to a DWORD value.The following are defined DWORD values for this parameter:
Value Description IMAGE_NOT_SIGNED
The boot loader either did not perform signature checks on the image or the image failed the signature check.
IMAGE_TEST_SIGNED
The image was validated using a test root public key.
IMAGE_FINAL_SIGNED
The image was validated using a product root public key.
- nOutBufSize
[out] Size of lpOutBuf.
- lpBytesReturned
[in] If not NULL, set to the size of the DWORD value.
Return Values
TRUE indicates success. FALSE indicates failure.
Remarks
The boot loader keeps track of the signed state of the OS image when it loads the OS image for execution into memory in its boot arguments, bootargs. The boot loader has to be a fixed component, which means that it has to be in a read-only part or is not updateable, to make sure that it cannot be tampered with.
OEMs can use this IOCTL to verify the signed state of an OS image and then output a message indicating the state. It is up to the OEMs to implement this functionality.
Requirements
| Header | pkfuncs.h |
| Windows Embedded CE | Windows CE .NET 4.2 and later |