IOCTL_HAL_GET_IMAGE_SIGNED_STATE (Windows CE 5.0)
This IOCTL is used to retrieve the signed state of an OS image.
Parameters
dwIoControlCode
[in] Set to IOCTL_HAL_GET_IMAGE_SIGNED_STATE.lpInBuf
[in] Set to NULL; not used.nInBufSize
[in] Set to zero; not used.lpOutBuf
[out] Pointer to a DWORD value.The following are defined DWORD values for this parameter:
Value Description IMAGE_NOT_SIGNED The boot loader either did not perform signature checks on the image or the image failed the signature check. IMAGE_TEST_SIGNED The image was validated using a test root public key. IMAGE_FINAL_SIGNED The image was validated using a product root public key. nOutBufSize
[out] Size of lpOutBuf.lpBytesReturned
[in] If not NULL, set to the size of the DWORD value.lpOverlapped
[in] Set to NULL.
Return Values
TRUE indicates success. FALSE indicates failure.
Remarks
The boot loader keeps track of the signed state of the OS image when it loads the OS image for execution into memory in its boot arguments, bootargs. The boot loader has to be a fixed component, which means that it has to be in a read-only part or is not updateable, to make sure that it cannot be tampered with.
OEMs can use this IOCTL to verify the signed state of an OS image and then output a message indicating the state. It is up to the OEMs to implement this functionality.
Requirements
OS Versions: Windows CE .NET 4.2 and later.
Header: Pkfuncs.h.
See Also
Send Feedback on this topic to the authors