Security Loader Catalog Items and Sysgen Variables (Compact 2013)
3/28/2014
In Windows Embedded Compact, you can use Security Loader, also known as the Loader Verifier Module (LVMOD), to determine whether an application can run, a DLL can load, or a cabinet (.cab) file can be installed on a Windows Embedded Compact powered device. Security Loader determines whether to start the application, load the DLL, or install the .cab file based on either a code signature or whether the module is in ROM.
For more information, see Security Loader Reference.
For more information about how to add or remove catalog items, see Create Your First OS.
Hardware and Software Requirements
- None.
Catalog Items and Sysgen Variables
The following table shows the catalog items and associated SYSGEN variables you can use to add security loader functionality to your OS.
Catalog Item |
SYSGEN variable |
Description |
Dependencies |
---|---|---|---|
Loader Verifier Module |
SYSGEN_LVMOD |
Determines whether code can run on a device based on either a code signature or whether the module is in ROM. With SYSGEN_LVMOD set, only signed modules will load and run if they are not in the run-time image. |
To use test certificates to sign OEM-built modules during development, you must also set BUILD_SIGN=1 and IMGTESTCERTS=1 at the command line. For more information, see Using Test Certificates During Development. |
Remarks
Binaries that are copied into the release directory are not automatically signed, and may fail to load if they are not included in the run-time image. The files that do not load must be digitally signed manually with the command sign <file path> from a build window. Note that the sign command cannot be called from the Flat Release Directory itself. For more information about digital signing with a certificate, see Signing Binaries.