Partager via


IOCTL_HAL_GET_IMAGE_SIGNED_STATE (Windows Embedded CE 6.0)

1/5/2010

This IOCTL is used to retrieve the signed state of an OS image.

Parameters

  • dwIoControlCode
    [in] Set to IOCTL_HAL_GET_IMAGE_SIGNED_STATE.
  • lpInBuf
    [in] Set to NULL; not used.
  • nInBufSize
    [in] Set to zero; not used.
  • lpOutBuf
    [out] Pointer to a DWORD value.

    The following are defined DWORD values for this parameter:

    Value Description

    IMAGE_NOT_SIGNED

    The boot loader either did not perform signature checks on the image or the image failed the signature check.

    IMAGE_TEST_SIGNED

    The image was validated using a test root public key.

    IMAGE_FINAL_SIGNED

    The image was validated using a product root public key.

  • nOutBufSize
    [out] Size of lpOutBuf.
  • lpBytesReturned
    [in] If not NULL, set to the size of the DWORD value.

Return Values

TRUE indicates success. FALSE indicates failure.

Remarks

The boot loader keeps track of the signed state of the OS image when it loads the OS image for execution into memory in its boot arguments, bootargs. The boot loader has to be a fixed component, which means that it has to be in a read-only part or is not updateable, to make sure that it cannot be tampered with.

OEMs can use this IOCTL to verify the signed state of an OS image and then output a message indicating the state. It is up to the OEMs to implement this functionality.

Requirements

Header pkfuncs.h
Windows Embedded CE Windows CE .NET 4.2 and later

See Also

Reference

Security IOCTLs
OEMCheckSignature