EMB320
Windows CE 5.0 Image Configuration, Boot Loaders, And Security
Jeff Glaum, Software Development Manager
Glen Langer, Program Manager
Windows CE Core OS Team, Microsoft Corporation
[Slide diagram: Windows Embedded platform overview. Categories: Management Tools; Communications & Messaging; Location Services; Multimedia; Development Tools; Programming Model (Native, Managed, Server Side); Data (Lightweight, Relational); Device Building Tools; Hardware/Drivers. Products shown: Device Update Agent, Software Update Services, Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server, Image Update, MapPoint, DirectX, Windows Media, Visual Studio 2005, MFC 8.0, ATL 8.0, Win32, .NET Compact Framework, .NET Framework, ASP.NET Mobile Controls, ASP.NET, EDB, SQL Server 2005 Express Edition, SQL Server 2005 Mobile Edition, SQL Server 2005, Windows XP DDK, Windows Embedded Studio, Platform Builder, OEM/IHV Supplied BSP (ARM, SH4, MIPS), OEM Hardware and Standard Drivers, Standard PC Hardware and Drivers, Microsoft Operations Manager, Systems Management Server.]
Agenda
Introduction
Memory and Storage Technologies
Windows CE 5.0 Image Configuration
Building an Image
Boot Loaders
Boot Loader Security
Resources
MEDC Call to Action
Q and A
Introduction
Design Trade-Offs
Image storage: SRAM, Flash (NOR & NAND), or Disk
Execution: Execute in Place (XIP) versus Relocatable
Slower and cheaper versus faster and $$
Compression: Smaller image size (save cost) vs. slower loading but faster execution
Boot Loader: Complexity versus Performance
Security
How does Windows CE support this? Build process and tools
Memory And Storage Technologies
Type significantly impacts cost and performance
Each technology imposes different design constraints
Note: The data for this section was derived from leading vendor publications for both NAND and NOR; because of ongoing changes in flash memory technologies, this information is subject to change
NAND Flash Memory
Dates from the late 1980s
Generally offers a lower cost per byte
Higher storage capacity
Block-accessed storage device with a serial interface
Block-access method makes NAND unsuitable for execute in place (XIP)
Images typically moved to RAM for execution
NAND Flash Memory
Issue: Where does the CPU access code from for initial pre-boot or for the OS at boot time?
Solutions:
Add NOR flash
Use Hybrid flash
New CPU designs use a serial interface
Issue: Susceptible to manufacturing flaws and possible run-time cell failures
Solutions:
Hardware and/or software data error checking and correction logic (ECC)
Wear-leveling techniques to limit the number of erase cycles
NAND Flash Memory
Generally has shorter erase and write access times
Comparable read access time
Trade-Offs: Lower cost-per-byte ratio and larger storage capacity, versus
Additional system complexity and any additional expense in DRAM
NOR Flash Memory
Generally offers a higher cost per byte
Storage capacity is typically smaller
Random-access storage (linear) device with an SRAM-like interface
Lack of manufactured bad blocks
Suitable for XIP (execute in place) designs
NOR Flash Memory
Slower read times compared to DRAM
Offset by optimizing code for cache usage
Offset by running high-impact code from RAM (80/20 Rule)
Trade-Offs: Higher cost-per-byte ratio and smaller capacity, versus
Lower system cost - no additional DRAM or bad block management logic
Hybrid Flash Memory
Combines the best of both NAND and NOR technologies on a single device
NAND flash with on-chip wear-leveling and SRAM-like interface
NAND flash with a NOR boot flash memory region for XIP
ATA/IDE Hard Disk Drive
Hard disk drive is a good option for image storage
Block-accessed devices
Code must first be copied to linear memory (DRAM) for execution
Trade-Offs: Significantly longer read and write access times, versus
Larger storage capacity
XIP Versus Relocatable Code
Position independent or “relocatable” code
OS loader adjusts references to addresses
Efficient use of system RAM
Load times are slightly longer for “fixups”
Relocatable code Trade-Offs
Less flexibility (only executes from RAM)
Typically requires more RAM than XIPing from flash
Faster execution
Slower boot times
XIP Versus Relocatable Code
Fixed position or “execute in place (XIP)”
Image is built to run from a specific location
Location must support linear access
XIP Trade-Offs
Minimized RAM usage, versus
Slower execution
Faster boot times
Image Compression
Build tools control which components are XIP and which are relocated
Commonly compressed to minimize flash usage
Performance critical code
Rarely used modules
Trade-Offs
Faster execution, versus
Longer load times, versus
Efficient flash usage
ROM Image Builder
OS image is created by the ROM image builder tool (romimage.exe)
Romimage.exe runs at the end of the build process (after all image components have been created/linked)
Configurable binary image builder (.bib) files direct the process
ROM Image Builder
Romimage.exe performs the following functions:
Collects all the components that make up the final image: drivers, executables, and data files
Adjusts code addresses (“fix-ups”) as necessary to control placement of the executable code in the image’s virtual address space
Compresses parts of the image
Places any data files or compressed sections in unused “holes” in the image (compact image)
Generates the image - nk.bin
Binary Image Builder File
The binary image builder (.bib) file is a text file containing sections
MEMORY: describes the embedded device’s memory map
MODULES and FILES: describes the modules/files that are to be placed in the final image and their attributes (compressed, etc.)
CONFIG: describes general image configuration information
The .bib file (ce.bib) is generated from a number of individual .bib files (common.bib, project.bib, platform.bib)
CE Memory Architecture
Slot 0 – current process and consecutive code-data section DLLs
Slot 1 – separate code-data sections (roughly 32MB)
0x8000.0000 – 0xFFFF.FFFF is the kernel virtual address range
.BIB – MEMORY Section
MEMORY section, specified in config.bib, details the system virtual addresses available
NK 80001000 01FFF000 RAMIMAGE
RAM 82000000 01DB0000 RAM
RAMIMAGE entry locates any executables, modules, data files and compressed sections in the range of virtual address 0x8000.1000 through 0x81FF.FFFF (could be flash or RAM)
RAM entry specifies the range of virtual addresses available to the Windows CE kernel for allocation to
the file system or object store,
process virtual address spaces such as heaps and stacks,
memory mapped files and writable data sections
.BIB – MODULES Section
MODULES are fixed-up to a virtual address range (slot address) by romimage.exe
MODULES section identifies which executable files are to be included and their attributes
INIT.EXE $(_FLATRELEASEDIR)\INIT.EXE NK SH
MYDLL.DLL $(_FLATRELEASEDIR)\MYDLL.DLL NK SHC
Each entry: module name (in image), file on development system, section name, and attributes
Uncompressed code can XIP and is fixed up to run in slot 1 by default
.BIB – FILES Section
FILES section is similar to MODULES section however all entries are compressed by default and files aren’t fixed-up
Used for data files (examples: bitmaps)
PIC.BMP $(_FLATRELEASEDIR)\PIC.BMP NK SH
Executable DLLs in the FILES section are loaded into Slot 0 (different from MODULES section) and reduce overall process address space globally
.BIB – CONFIG Section
Contains generic image configuration information
ROMOFFSET – used to “move” RAM image into flash
ROMSTART, ROMSIZE, and ROMWIDTH – used to create binary .nb0 file (in addition to .bin file)
Other settings
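The MEMORY, MODULES, FILES and CONFIG slides above describe rules that are easy to get wrong by hand (a RAM region that overlaps the RAMIMAGE region, a DLL silently landing in slot 0 because it was listed under FILES, a ROMOFFSET that puts records at the wrong flash address). The following is an added example, not code from the slides or from Platform Builder: a small checker that parses the three sections using the exact entries shown on the slides, applies the section defaults the slides state (MODULES uncompressed and fixed up into slot 1 unless marked C; FILES compressed and not fixed up, with DLLs loaded into slot 0), and computes ROMOFFSET. The sample .bib text is constructed; the ROMOFFSET semantics (a 32-bit value added to each record's virtual address to produce its flash address) and the physical target address 0x00220000 are assumptions for illustration.

```python
"""Added example (not from the slides or Platform Builder): a checker for the
MEMORY, MODULES and FILES sections of a Windows CE .bib file, plus the
ROMOFFSET arithmetic used to place a RAM-built image in flash."""
import re

# Constructed sample .bib text built from the entries shown on the slides.
SAMPLE_BIB = r"""
MEMORY
    NK         80001000    01FFF000    RAMIMAGE
    RAM        82000000    01DB0000    RAM
MODULES
    INIT.EXE   $(_FLATRELEASEDIR)\INIT.EXE   NK  SH
    MYDLL.DLL  $(_FLATRELEASEDIR)\MYDLL.DLL  NK  SHC
FILES
    PIC.BMP    $(_FLATRELEASEDIR)\PIC.BMP    NK  SH
"""

KERNEL_VA_START = 0x80000000   # kernel virtual address range begins here (slide)
MASK32 = 0xFFFFFFFF
SECTIONS = ("MEMORY", "MODULES", "FILES", "CONFIG")


def parse_bib(text):
    """Split a .bib into {section: [list of whitespace-separated fields]}.
    Comments start with ';' and run to end of line."""
    result = {name: [] for name in SECTIONS}
    current = None
    for line in text.splitlines():
        stripped = line.split(";", 1)[0].strip()
        if not stripped:
            continue
        if stripped.upper() in SECTIONS:
            current = stripped.upper()
            continue
        if current is None:
            raise ValueError("entry before any section header: " + stripped)
        result[current].append(stripped.split())
    return result


def memory_regions(bib):
    """MEMORY entries as {name: (start, end_inclusive, type)}."""
    regions = {}
    for fields in bib["MEMORY"]:
        name, start, length, kind = fields[:4]
        start, length = int(start, 16), int(length, 16)
        regions[name] = (start, start + length - 1, kind)
    return regions


def check_memory(regions):
    """Flag regions outside the kernel virtual range and regions that overlap
    the one before them in address order. Empty list means the map is clean."""
    problems = []
    items = sorted(regions.items(), key=lambda kv: kv[1][0])
    for i, (name, (lo, hi, _)) in enumerate(items):
        if lo < KERNEL_VA_START or hi > MASK32:
            problems.append("%s is outside the kernel virtual address range" % name)
        if i > 0:
            prev_name, (_, prev_hi, _) = items[i - 1]
            if lo <= prev_hi:
                problems.append("%s overlaps %s" % (name, prev_name))
    return problems


def module_placement(bib):
    """Decide, per MODULES/FILES entry, whether it is compressed and whether
    it executes in place, using the slide defaults: MODULES entries are
    uncompressed (XIP, fixed up into slot 1) unless attribute C is present;
    FILES entries are compressed unless U is present and are never fixed up.
    Returns {name: (compressed, xip, note)}."""
    placement = {}
    for section in ("MODULES", "FILES"):
        for fields in bib[section]:
            name = fields[0]
            attrs = fields[3].upper() if len(fields) > 3 else ""
            if section == "MODULES":
                compressed = "C" in attrs
                note = "slot 1, fixed up by romimage"
            else:
                compressed = "U" not in attrs
                note = ("slot 0 (DLL from FILES)" if name.upper().endswith(".DLL")
                        else "data file, not fixed up")
            placement[name] = (compressed, section == "MODULES" and not compressed, note)
    return placement


def rom_offset(virtual_start, physical_start):
    """CONFIG ROMOFFSET: assumed here to be the 32-bit value romimage adds to
    each record's virtual address to move a RAM-built image into flash."""
    return (physical_start - virtual_start) & MASK32


if __name__ == "__main__":
    bib = parse_bib(SAMPLE_BIB)
    regions = memory_regions(bib)
    for name, (lo, hi, kind) in regions.items():
        print("%-6s %08X-%08X %s" % (name, lo, hi, kind))
    print("memory problems:", check_memory(regions) or "none")
    for name, (compressed, xip, note) in module_placement(bib).items():
        print("%-10s compressed=%-5s xip=%-5s %s" % (name, compressed, xip, note))
    # Image built to run at virtual 0x80001000 but stored at (assumed) flash 0x00220000
    print("ROMOFFSET = %08X" % rom_offset(0x80001000, 0x00220000))
```

Running the checker on the slide entries reports NK as 0x80001000-0x81FFFFFF and RAM as 0x82000000-0x83DAFFFF with no overlap, INIT.EXE as XIP in slot 1, MYDLL.DLL as compressed (so it must be copied to RAM at load), and PIC.BMP as a compressed data file; shrinking the RAM start to 0x81000000 makes the overlap check fire.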
Image BIN File Format
IMAGE HEADER 15 Bytes:
4230303046460A - 7 byte sync record
4 byte starting address of image (physical address in this case)
4 byte overall length of image
IMAGE RECORD HEADER 12 Bytes:
4 byte address of record (physical address in this case)
4 byte length of record
4 byte checksum of record
Image Start = 0x00220000, length = 0x00B52D90
Record [  0] : Start = 0x00220000, Length = 0x00000010, Chksum = 0x00000829
Record [  1] : Start = 0x00220040, Length = 0x00000008, Chksum = 0x00000314
Record [  2] : Start = 0x00221000, Length = 0x0003EFFC, Chksum = 0x019B93D5
Record [  3] : Start = 0x00261000, Length = 0x000003A0, Chksum = 0x00014AD3
...
Record [119] : Start = 0x00000000, Length = 0x0022A178, Chksum = 0x00000000
(callout on the final record: start address)
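The slide gives the on-disk layout of a .bin image and a dump of its records, and the Boot Loader Security slides later list "detecting and correcting errors during download" as a goal. The following is an added example, not code from the slides or from blcommon: a parser that checks the sync record, walks the 12-byte record headers, verifies each record's checksum, and recovers the image start address from the final record (address 0, checksum 0, with the Length field carrying the start address, as the slide's callout indicates). Two assumptions are made: the per-record checksum is computed as the 32-bit sum of the record's data bytes, and the sample image (two records plus the terminator, using the slide's addresses) is constructed with arbitrary contents. A checksum only catches a corrupted or truncated download; it is not a security control, which is why blcommon separately checks a signed hash of the TOC with CheckSignature() before flashing and before launching.

```python
"""Added example (not from the slides or blcommon): parse a Windows CE .bin
image, verify every record checksum, and pull the start address out of the
terminating record."""
import struct

SYNC = b"B000FF\n"   # the 7-byte sync record 42 30 30 30 46 46 0A from the slide
HEADER_LEN = 15      # sync (7) + start address (4) + overall length (4)
RECORD_HDR_LEN = 12  # address (4) + length (4) + checksum (4)


def record_checksum(data):
    """Per-record checksum, assumed here to be the 32-bit sum of the data bytes."""
    return sum(data) & 0xFFFFFFFF


def build_bin(image_start, records, start_address):
    """Serialize [(address, data), ...] into .bin form, ending with the
    address-0 record whose Length field carries the start address."""
    end = max(addr + len(data) for addr, data in records)
    out = bytearray(SYNC + struct.pack("<II", image_start, end - image_start))
    for addr, data in records:
        out += struct.pack("<III", addr, len(data), record_checksum(data)) + data
    out += struct.pack("<III", 0, start_address, 0)
    return bytes(out)


def parse_bin(blob):
    """Return (image_start, image_length, [(address, data), ...], start_address).
    Raises ValueError on a bad sync record, a truncated record, a checksum
    mismatch, or a missing terminator: the download errors a loader should
    refuse to flash or launch."""
    if blob[:len(SYNC)] != SYNC:
        raise ValueError("missing B000FF sync record")
    image_start, image_length = struct.unpack_from("<II", blob, len(SYNC))
    pos = HEADER_LEN
    records = []
    start_address = None
    while pos + RECORD_HDR_LEN <= len(blob):
        addr, length, chksum = struct.unpack_from("<III", blob, pos)
        pos += RECORD_HDR_LEN
        if addr == 0 and chksum == 0:        # terminating record
            start_address = length
            break
        data = blob[pos:pos + length]
        if len(data) != length:
            raise ValueError("truncated record at 0x%08X" % addr)
        if record_checksum(data) != chksum:
            raise ValueError("checksum mismatch in record at 0x%08X" % addr)
        records.append((addr, data))
        pos += length
    if start_address is None:
        raise ValueError("no terminating record; download incomplete")
    return image_start, image_length, records, start_address


def is_intact(blob):
    """True when the image parses and every record checksum matches."""
    try:
        parse_bin(blob)
        return True
    except ValueError:
        return False


# Constructed sample: a 16-byte record at the image start, an 8-byte record at
# +0x40 (the slide shows one there; its contents are made up here), and the
# terminator carrying the slide's start address 0x0022A178.
SAMPLE = build_bin(0x00220000,
                   [(0x00220000, bytes(range(16))),
                    (0x00220040, b"ECEC" + struct.pack("<I", 0x00221000))],
                   0x0022A178)

if __name__ == "__main__":
    start, length, recs, entry = parse_bin(SAMPLE)
    print("Image Start = 0x%08X, length = 0x%08X" % (start, length))
    for i, (addr, data) in enumerate(recs):
        print("Record [%3d] : Start = 0x%08X, Length = 0x%08X, Chksum = 0x%08X"
              % (i, addr, len(data), record_checksum(data)))
    print("start address = 0x%08X" % entry)
    damaged = bytearray(SAMPLE)
    damaged[HEADER_LEN + RECORD_HDR_LEN] ^= 0x01   # flip one bit of record 0's data
    print("intact after bit flip:", is_intact(bytes(damaged)))
```

The dump printed by the block has the same shape as the slide's record listing, and flipping a single data bit is enough to make `is_intact` return False, which is the point at which a loader built on this check would abandon the download rather than write or run the image.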
Image Mapping
At run time, OS components are fetched from the addresses chosen by Romimage.exe at build time
Compressed modules must be copied into RAM
Uncompressed modules will run XIP and will be mapped from the address range specified in the MEMORY section of the .bib file
If the entire image is built to XIP from RAM but is stored in flash, then code is required (boot loader or early OS startup code) to copy the image to the correct RAM location
Boot Loader Overview
Design is affected by
Hardware choices (flash): XIP versus copy-to-RAM
Manufacturing/process requirements: download transport
Typical variations
Load mechanism: Ethernet, USB, serial, local storage (flash, HDD, DOC, CF, etc.) or other
Development versus production requirements
OS image requirements (ex: XIP or compression)
The primary function of the boot loader is to load an executable image (OS) into memory and to run it
x86 Boot Loaders
Special considerations
real-mode (OS starts in protected mode)
boot from disk (BIOS)
x86 Boot Loader Variations
LoadCEPC.exe – real-mode DOS program
Eboot.bin – Ethernet boot loader
Sboot.bin – Serial boot loader
BIOSloader – uses BIOS INT13h interface
ROMboot – replaces BIOS and supports IDE and Ethernet
Future: PXE (network boot)
Development Process
Create development boot loader
Downloads image from Platform Builder
Later enhanced for production
Boot loader is cross-compiled, linked, and located on a desktop PC
Downloaded and debugged on the target device
JTAG / IEEE 1149.1 (debug board)
Built-in ROM monitor
EEPROM / Flash programmer
Goal: share code with OS image (OAL)
Build And Output Format
Code located at
%_WINCEROOT%\public\common\oak\drivers\ethdbg
%_TARGETPLATROOT%\src\bootloader\eboot (links executable) – OEM code
Boot Loader EXE run through romimage to generate BIN and possibly NB0 or SRE files
BIN: download with Platform Builder (ROMOFFSET)
NB0: JTAG/manufacturing
SRE: requires interpreter on device (boot monitor)
Development Loader Design
Support libraries provided by Microsoft
Common loader framework: blcommon
Network and flash support libraries
Goal is to minimize amount of code that needs to be written by OEM/partner
Architecture designed to be modular and extendable
Boot Loader Architecture
[Slide diagram: typical development boot loader. Blocks: blcommon, OEM code, eboot, EDBG drivers (NE2000, RTL8139, DP83815, ...), bootpart, flash FMD]
Boot Loader Architecture
Blcommon – generic boot loader framework
OEM code – general board init and extensions
Eboot – Ethernet functions (UDP, DHCP, TFTP)
EDBG drivers – Ethernet drivers: 3Com 3C90x, AMD AM79C97x, CS8900A, NS DP83815, NE2000, RealTek RTL8139, SMSC9000 and SMSC100 (list is growing)
Bootpart – storage partition management
FMD – flash management driver: Samsung/Sandisk (NAND), Intel StrataFlash (NOR)
Boot Sequence
Boot loader startup sequence:
Startup
EbootMain
BootloaderMain
OEMDebugInit
OEMPlatformInit
OEMPreDownload
Download Occurs
OEMLaunch
Other (optional): OEMReadData, OEMShowProgress, OEMIsFlashAddr, OEMMapMemAddr, OEMStartEraseFlash, OEMContinueEraseFlash, OEMFinishEraseFlash, OEMWriteFlash
Kernel startup sequence:
Startup
KernelStart
ARMInit
OEMInitDebugSerial
OEMInit
KernelInit
HeapInit
InitMemoryPool
ProcInit
SchedInit
FirstSchedule
SystemStartupFunc
Boot Process
CPU initialization: StartUp()
Assembly code that runs at the CPU reset vector
Initializes CPU core (RAM accessible)
Protection mode (supervisor)
Clocks/PLLs
RAM controller
Optionally sets up MMU and caches
Relocates to RAM (and copies initialized global variable section)
Initializes stack pointer
Jumps to C code (blcommon entry point)
Boot Process
OEMDebugInit()
Initializes debug output connection (example: serial UART)
OEMWriteDebugByte() sends ASCII characters over debug output connection
OEMPlatformInit()
Initializes bridge (host, PCI, PCMCIA, etc.) and peripheral bus logic
Initializes other board-level logic needed to access download transport hardware (example: Ethernet controller)
Boot Process
Pre-download initialization: OEMPreDownload()
Prepares and establishes download connection
For a development Ethernet boot loader, most of this is handled in the eboot library’s EbootInitEtherTransport() and EbootEtherReadData() functions
Obtain an IP address (static or DHCP)
Broadcast UDP “BOOTME” packets on the subnet
Jump to a device-resident image based on Platform Builder settings
** or **
Establish a TFTP connection to Platform Builder and download BIN file records
Boot Process
Post-Download/Launch: OEMLaunch()
Acquires user settings from Platform Builder (examples: clean boot, passive KITL, etc.) – handled in eboot library’s EbootWaitForHostConnect() function.
Fills out shared OS data structure (bootargs/driver-globals)
Optional: writes download image to flash
Jumps to image
Optional Functions
Flash-related
OEMIsFlash()
Checks whether an address is in flash
OEMMapMemAddr()
Maps BIN records to another memory range (useful for caching a flash image in RAM)
OEMStartEraseFlash(), OEMContinueEraseFlash(), OEMFinishEraseFlash(), OEMWriteFlash()
Use BootPart and FMD for flash access
Boot Loader Security
Blcommon contains simple signature support
Before writing a download image to flash and before running the image, CheckSignature() is called
Signed hash of the image’s table-of-contents (TOC) is stored in the .bin image
Boot Loader Security
Chain of Trust
Detecting and correcting errors
During download
During boot
Prevention
Locking the flash part
Hardware interlocks
Boot Loader Security
Possible solutions using hardware
ARM TrustZone™
MIPS32® 4KSd™ Core
Boot Loader Security: ARM TrustZone™
[Slide diagram, ARM TrustZone™ diagram used with permission: a Normal side (Normal OS, Normal OS app.) and a Secure side (Secure Kernel, Secure services, Secure drivers & hardware abstraction layers, Secure devices / peripherals) separated by the Monitor; a Boot Loader block; the TrustZone SW elements on the secure side are licensable SW from ARM.]
Boot Loader Security: ARM TrustZone™
TrustZone™ Advantages
Secure Process Execution
Secure mode for boot loader and kernel
Periodically verify the image
Secure Storage
Public and private keys
Cryptographic algorithms
Sensitive data
Secure peripherals
Timers, smart card
Trusted I/O, including JTAG access disabled
ARM TrustZone™ info used with permission
Boot Loader Security: MIPS32® 4KSd™ Core
Builds on MIPS’ existing server-class security (in all cores)
[Slide diagram, MIPS32® 4KSd™ diagram used with permission: MIPS32™ 4KSd™ Smart Card Core block diagram. Blocks: Execution Core, Secure MMU (TLB), Secure Cache Controller, Instruction Cache, Data Cache and/or Scratchpad, BIU, EJTAG, Power Management, On-Chip Bus, Co-Processor, Security, MIPS16e™ Code Compression; legend: Required, Optional or Configurable, Security features.]
Adds
Secure MMU
Secure Caches
Cryptographic Acceleration
Tamper Resistance
Boot Loader Security: MIPS® MT ASE
MIPS Multi-Threading presents Virtual CPUs
Known as Virtual Processing Elements (VPEs)
Could employ a software supervisor to enforce inter-VPE communication (or lack thereof)
MT Application-Specific Extension (ASE) also presents hardware Threads
Known as Thread Contexts (TCs)
Dramatically increase processor efficiency by instantly switching away from blocked threads
[Slide diagram, MIPS® MT ASE diagram used with permission: a MIPS Core with MT ASE exposing two VPEs (VPE0, VPE1) that host Apps, an OS and a Secure Kernel.]
Resources
“System Memory Management in Windows CE .NET”, whitepaper
http://msdn.microsoft.com/library/en-us/dncenet/html/systemmemorymgmtwince.asp
Platform Builder documentation, “How to Develop a Boot Loader”
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcehardware5/html/wce50howHowtoDevelopaBootLoader.asp
While At MEDC 2005…
Fill out an evaluation for this session
Randomly selected instant WIN prizes!
Use real technology in a lab
Instructor led: Reef E/F & Breakers L
Self-paced: Reef B/C
Visit the Microsoft Product Pavilion in the Exhibit Hall: Shorelines B
After The Conference…
Develop, Build, Install, Join, Enter:
Full-featured trial versions of Windows CE and/or Windows XP Embedded
Cool stuff & tell us about it: msdn.microsoft.com/embedded/community
Windows Embedded Partner Program: www.mswep.com
Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
Mobile2Market Contest and win up to $25000: mobile2marketcontest.com
Microsoft Solutions Partner Program: partner.microsoft.com
Tools & Resources
                Build                                    Develop
Websites        msdn.microsoft.com/embedded              msdn.microsoft.com/mobility
Newsgroups      microsoft.public.windowsxp.embedded      microsoft.public.pocketpc.developer
                microsoft.public.windowsce.platbuilder   microsoft.public.smartphone.developer
                microsoft.public.windowsce.embedded.vc   microsoft.public.dotnet.framework.compactframework
Blogs           blogs.msdn.com/mikehall                  blogs.msdn.com/windowsmobile
                                                         blogs.msdn.com/vsdteam
                                                         blogs.msdn.com/netcfteam
Tools           Windows CE 5.0 Eval Kit                  Windows Mobile 5.0 Eval Kit
                Windows XP Embedded Eval Kit
Questions?
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.