IOCTL_HAL_GET_IMAGE_SIGNED_STATE (Compact 2013)
10/16/2014
This I/O control message is used to retrieve the signed state of a run-time image. Send this message with OEMIoControl.
Syntax
BOOL OEMIoControl(
DWORD dwIoControlCode, // use IOCTL_HAL_GET_IMAGE_SIGNED_STATE
LPVOID lpInBuffer, // pointer to input buffer
DWORD nInBufferSize, // input buffer size
LPVOID lpOutBuffer, // pointer to output buffer
DWORD nOutBufferSize, // output buffer size
LPDWORD lpBytesReturned // number of bytes returned
);
Parameters
- dwIoControlCode
[in] Control code for the operation. Use IOCTL_HAL_GET_IMAGE_SIGNED_STATE for this operation.
- lpInBuffer
[in] Set to NULL.
- nInBufferSize
[in] Set to zero.
lpOutBuffer
[out] Pointer to a DWORD value. The following are defined DWORD values for this parameter:Value
Description
IMAGE_NOT_SIGNED
The boot loader either did not perform signature checks on the image or the image failed the signature check.
IMAGE_TEST_SIGNED
The image was validated using a test root public key.
IMAGE_FINAL_SIGNED
The image was validated using a product root public key.
- nOutBufferSize
[out] Size of lpOutBuffer.
- lpBytesReturned
[in] If not NULL, set to size of DWORD.
Return Values
Returns TRUE if successful; otherwise, returns FALSE.
Remarks
The boot loader keeps track of the signed state of the run-time image when it loads the run-time image for execution into memory in its boot arguments, bootargs. The boot loader has to be a fixed component, which means that it has to be in a read-only part or is not updateable, to make sure that it cannot be tampered with.
OEMs can use this I/O control to verify the signed state of a run-time image and then output a message indicating the state. It is up to the OEMs to implement this functionality.
Requirements
Header |
pkfuncs.h |