Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


ELAM driver IoRegisterBootDriverCallback

Jay_KumarJay_Kumar Member Posts: 18

Hi guys,

I am working on a sample project and have a question regarding the boot drivers validation by the ELAM driver. As we all know ELAM driver can register callback using IoRegisterBootDriverCallback() to verify the integrity of the other boot drivers. For some reason, i want to avoid this registration and keep my ELAM driver as simple as possible, just to run my service as PPL. When i avoided the IoRegisterBootDriverCallback() call in my ELAM DriverEntry() function, the system boots fine without any issue. My question is this allowed or i am breaking any Windows requirement of ELAM.

Thanks,

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,602

    What on earth makes you think that would be a requirement?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Jay_KumarJay_Kumar Member Posts: 18

    The ELAM driver has to be signed after HLK test. So i am suspecting any test can fail.

    Without IoRegisterBootDriverCallback() it should be fine?

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,048

    Try it.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jay_KumarJay_Kumar Member Posts: 18

    Hi Peter,

    I posted this question to get some concrete answer from others who had experience in ELAM driver. I want to know is it legal to have the ELAM driver without IoRegisterBootDriverCallback() registration.

  • Martin_DrábMartin_Dráb Member - All Emails Posts: 82

    I posted this question to get some concrete answer from others who had experience in ELAM driver. I want to know is it legal to have the ELAM driver without IoRegisterBootDriverCallback() registration.

    I think that IoRegisterBootDriverCallback is the main reason (and maybe the only one) to write an ELAM driver. If you need to write an ELAM driver because you wish to load very early, some magic with load order groups, tags and making the driver an upper/lower filter of a "boot-early" device does the trick.

    IIRC the ELAM driver does not load as the first one; some important system drivers (pci.sys included) will be already there. And boot-start drivers are initialized JUST after the ELAM ones.

    Martin Dráb

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 8,048

    I want to know is it legal to have the ELAM driver without IoRegisterBootDriverCallback() registration.

    Again, let me repeat: You said it works. If you're concerned about the HLKs not passing... run the HLKs and see if your driver passes. If it passes, then it's "legal"... if not, then it's "not legal."

    It's really as simple as that.

    If what you're looking for is a program statement that indicates whether MSFT will be HAPPY with you for having such an ELAM driver, then you need to work with your already established Microsoft contacts to get their opinion.

    You're asking us for something that you are in a better position to know yourself, simply by expending some effort beyond writing a post here.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jay_KumarJay_Kumar Member Posts: 18

    Hi Martin,

    Thanks for the reply.

    ELAM driver serves for two purposes. To run a service as protected process as well as to verify all the boot drivers before they start loading.
    But the MSDN doc is not very clear on the verification of the boot drivers. I just want to run my service as protected and i don't want to verify any other boot drivers.

    Even though my implementation is working (not verifying boot drivers), i wanted from someone who had experienced dealing with this situation, if they did in the someway as my implementation.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 30 Nov 2020 LIVE ONLINE
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Developing Minifilters Early 2021 LIVE ONLINE