The -FIXED liker option will provide some of what you are looking for, but there really isn’t a way to get true PIC, which is what it sounds like you want, unless you want to try and roll something with GNU tools, perhaps. Additionally, building a boot driver with -FIXED would be an abject disaster waiting to happen. I realize that this is what you have been tasked with, but this one makes no sense to me. If you want to go this route, I don’t see any other option than to process the relocations, et. .c. This - binary parsing in the kernel on a boot driver - to me, given that it provides very little security against anyone who really wants to do evil, is just not a good idea, but I hear you on just having to do things that you are tasked with. If you go this route, this best idea I have to contribute would be to embed a copy of the image in the driver itself (non-paged, obviously), and process that. As this is a driver, using a resource is basically out, but it’s probably small enough to include as a string via a custom build process. Personally, I don’t think that it matters much either way, but I don’t see any reason why this is less secure than the checking the on disk one, which you can still do later if you wish. They both can be modified pretty easily, and demonstrating that they are the same doesn’t mean a great deal, consquently.
Good luck,
mm