ELAM driver IoRegisterBootDriverCallback

Hi guys,

I am working on a sample project and have a question regarding the validation of boot drivers by the ELAM driver. As we all know, an ELAM driver can register a callback using IoRegisterBootDriverCallback() to verify the integrity of the other boot drivers. For some reason, I want to avoid this registration and keep my ELAM driver as simple as possible, just to run my service as PPL. When I omitted the IoRegisterBootDriverCallback() call in my ELAM DriverEntry() function, the system booted fine without any issue. My question is: is this allowed, or am I breaking any Windows requirement of ELAM?

Thanks,

What on earth makes you think that would be a requirement?

The ELAM driver has to be signed after the HLK tests, so I suspect a test may fail.

Without IoRegisterBootDriverCallback() it should be fine?

Try it.

Peter

Hi Peter,

I posted this question to get a concrete answer from others who have experience with ELAM drivers. I want to know whether it is legal to have an ELAM driver without IoRegisterBootDriverCallback() registration.

I posted this question to get a concrete answer from others who have experience with ELAM drivers. I want to know whether it is legal to have an ELAM driver without IoRegisterBootDriverCallback() registration.

I think that IoRegisterBootDriverCallback is the main reason (and maybe the only one) to write an ELAM driver. If you need to write an ELAM driver because you wish to load very early, some magic with load order groups, tags and making the driver an upper/lower filter of a “boot-early” device does the trick.

IIRC the ELAM driver does not load as the first one; some important system drivers (pci.sys included) will already be there. And boot-start drivers are initialized JUST after the ELAM ones.

I want to know whether it is legal to have an ELAM driver without IoRegisterBootDriverCallback() registration.

Again, let me repeat: You said it works. If you’re concerned about the HLKs not passing… run the HLKs and see if your driver passes. If it passes, then it’s “legal”… if not, then it’s “not legal.”

It’s really as simple as that.

If what you’re looking for is a program statement that indicates whether MSFT will be HAPPY with you for having such an ELAM driver, then you need to work with your already established Microsoft contacts to get their opinion.

You’re asking us for something that you are in a better position to know yourself, simply by expending some effort beyond writing a post here.

Peter

Hi Martin,

Thanks for the reply.

An ELAM driver serves two purposes: to run a service as a protected process, and to verify all the boot drivers before they start loading.
But the MSDN doc is not very clear on the verification of the boot drivers. I just want to run my service as protected and I don’t want to verify any other boot drivers.

Even though my implementation is working (not verifying boot drivers), I wanted to hear from someone who has experience dealing with this situation whether they did it the same way as my implementation.