Adding Support for Image Signatures

To avoid downloading or running a bad image, the boot loader may need to validate the image before taking any action. You can provide a callback function, which the BLCOMMON library will call before writing an image into flash memory.

Note   You should leave the flash memory erase routines stubbed to avoid accidentally writing to or erasing blocks of data in flash memory until the whole image is downloaded and its signature can be checked.

You can implement any kind of signature checking mechanism or you can use the CheckSignature routine provided in the BLCOMMON library. For more information, see OEMCheckSignature and %_WINCEROOT%\Public\Common\Oak\Drivers\Ethdbg\Blcommon.

The following code example shows how OEMCheckSignature is implemented.

BOOL OEMCheckSignature(DWORD dwImageStart, DWORD dwROMOffset, DWORD dwLaunchAddr, BOOL bDownloaded)
    // Check image signature here. 
    // FALSE means image failed signature check and BLCOMMON will 
    // abort the flash write or the launch operation.

When using BLCOMMON during boot loader initialization, for example, OEMDebugInit, the signature verification function pointer should be assigned to the OEM's signature routine. For example, to have BLCOMMON call OEMCheckSignature to validate the image signature, you should do the following in OEMDebugInit.

g_pOEMCheckSignature = OEMCheckSignature;

See Also

How to Develop a Boot Loader

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.