다음을 통해 공유


IOCTL_HAL_GET_IMAGE_SIGNED_STATE (Compact 2013)

10/16/2014

This I/O control message is used to retrieve the signed state of a run-time image. Send this message with OEMIoControl.

Syntax

BOOL OEMIoControl(
    DWORD dwIoControlCode,    // use IOCTL_HAL_GET_IMAGE_SIGNED_STATE
    LPVOID lpInBuffer,        // pointer to input buffer
    DWORD nInBufferSize,      // input buffer size
    LPVOID lpOutBuffer,       // pointer to output buffer
    DWORD nOutBufferSize,     // output buffer size
    LPDWORD lpBytesReturned   // number of bytes returned
);

Parameters

  • dwIoControlCode
    [in] Control code for the operation. Use IOCTL_HAL_GET_IMAGE_SIGNED_STATE for this operation.
  • lpInBuffer
    [in] Set to NULL.
  • nInBufferSize
    [in] Set to zero.
  • lpOutBuffer
    [out] Pointer to a DWORD value. The following are defined DWORD values for this parameter:

    Value

    Description

    IMAGE_NOT_SIGNED

    The boot loader either did not perform signature checks on the image or the image failed the signature check.

    IMAGE_TEST_SIGNED

    The image was validated using a test root public key.

    IMAGE_FINAL_SIGNED

    The image was validated using a product root public key.

  • nOutBufferSize
    [out] Size of lpOutBuffer.
  • lpBytesReturned
    [in] If not NULL, set to size of DWORD.

Return Values

Returns TRUE if successful; otherwise, returns FALSE.

Remarks

The boot loader keeps track of the signed state of the run-time image when it loads the run-time image for execution into memory in its boot arguments, bootargs. The boot loader has to be a fixed component, which means that it has to be in a read-only part or is not updateable, to make sure that it cannot be tampered with.

OEMs can use this I/O control to verify the signed state of a run-time image and then output a message indicating the state. It is up to the OEMs to implement this functionality.

Requirements

Header

pkfuncs.h

See Also

Reference

Security IOCTLs
OEMCheckSignature