1 / 32

Windows CE 5.0 Image Configuration, Bootloaders, And Security

Windows CE 5.0 Image Configuration, Bootloaders, And Security. 饶大春 技术专家 微软中国技术中心 微软(中国)有限公司. Agenda. Memory and Storage Technologies Building an Image Bootloaders Bootloader Security. Agenda. Memory and Storage Technologies Download Technologies Building an Image Bootloaders

kaseem-wooten
Download Presentation

Windows CE 5.0 Image Configuration, Bootloaders, And Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows CE 5.0Image Configuration, Bootloaders, And Security 饶大春 技术专家 微软中国技术中心 微软(中国)有限公司

  2. Agenda • Memory and Storage Technologies • Building an Image • Bootloaders • Bootloader Security

  3. Agenda • Memory and Storage Technologies • Download Technologies • Building an Image • Bootloaders • Bootloader Security • Q and A

  4. NAND Flash Memory • Generally offers a lower cost per byte • Higher storage capacity • Block-accessed storage device with a serial interface • Block-access method makes NAND unsuitable for execute in place (XIP) • Images typically moved to RAM for execution

  5. NOR Flash Memory • Storage capacity is typically smaller • Slower read times compared to DRAM • Linear access method • Suitable for XIP (execute in place) designs • Trade-Offs • Higher cost-per-byte ratio and smaller capacity, versus • No additional DRAM or bad block management logic

  6. Hybrid Flash Memory • Combines the best of both NAND and NOR technologies on a single device • NAND flash with on-chip wear-leveling and SRAM-like interface • NAND flash with a NOR boot flash memory region for XIP

  7. Agenda • Memory and Storage Technologies • Download Technologies • Building an Image • Bootloaders • Bootloader Security • Q and A

  8. Download Technologies • Download Bootloader • JTAG • Flash Programmer • Built-In Rom Monitor: USB,Serial • Download Image • Ethernet,USB RNDIS • Serial,USB Serial • Storage Card

  9. Agenda • Memory and Storage Technologies • Download Technologies • Building an Image • Bootloaders • Bootloader Security • Q and A

  10. ROM Image Builder • Romimage.exe performs the following functions • Collects all the components that make up the final image: drivers, executables, and data files • Adjusts code addresses (“fix-ups”) as necessary to control placement of the executable code in the image’s virtual address space • Compresses parts of the image • Generates the image - nk.bin

  11. Source Code Configuration File • Dirs File • Makefile File • Makefile.inc File • Sources File • TARGETNAME • TARGETTYPE • EXEENTRY: StartUp • WINCETARGETFILES • SOURCES • TARGETLIBS

  12. Binary Image Builder File • The binary image builder (.bib) file is a text file containing sections • MEMORY: describes the embedded device’s memory map • CONFIG: describes general image configuration information • MODULES and FILES: describes the modules/files that are to be placed in the final image and their attributes (compressed, etc.)

  13. .BIB - MEMORY Section • MEMORY section, specified in config.bib, details the system virtual addresses available NK 80001000 01FFF000 RAMIMAGE RAM 82000000 01DB0000 RAM • RAMIMAGE entry locates any executables, modules, data files and compressed sections in the range of virtual address 0x8000.1000 through 0x81FF.FFFF (could be flash or RAM) • RAM entry specifies the range of virtual addresses available to the Windows CE kernel for allocation to

  14. .BIB – CONFIG Section • Contains generic image configuration information • ROMOFFSET – used to “move” RAM image into flash • ROMSTART, ROMSIZE, and ROMWIDTH – used to create binary .nb0 file (in addition to .bin file) • AutoSize • Other settings

  15. Image BIN File Format IMAGE HEADER 15 Bytes: 4230303046460A - 7 byte sync record 4 byte starting address of image 4 byte physical length of image IMAGE RECORD HEADER 12 Bytes: 4 byte address of record 4 byte length of record 4 byte checksum of record Image Start = 0x00220000, length = 0x00B52D90 Record [ 0] : Start = 0x00220000, Length = 0x00000010, Chksum = 0x00000829 Record [ 1] : Start = 0x00220040, Length = 0x00000008, Chksum = 0x00000314 Record [ 2] : Start = 0x00221000, Length = 0x0003EFFC, Chksum = 0x019B93D5 Record [ 3] : Start = 0x00261000, Length = 0x000003A0, Chksum = 0x00014AD3 ... Record [119] : Start = 0x00000000, Length = 0x0022A178, Chksum = 0x00000000

  16. Agenda • Memory and Storage Technologies • Download Technologies • Building an Image • Bootloaders • Bootloader Security • Q and A

  17. Bootloader Overview • Design is affected by • Hardware choices (flash): XIP versus copy-to-RAM • Manufacturing/process requirements: download transport • Typical variations • Load mechanism: Ethernet, USB, serial, local storage (flash, HDD, DOC, CF, etc.) or other. • Memory: RAM or flash • Development vs. production requirements • OS image requirements (ex: XIP or compression) • Create development bootloader • Downloads image from Platform Builder • Later enhanced for production

  18. Build And Output Format • Code located at • %_WINCEROOT%\public\common\oak\drivers\ethdbg • %_TARGETPLATROOT%\src\bootloader\eboot (links executable) • Bootloader EXE run through romimage to generate BIN and possibly NB0 or SRE files • BIN: download with Platform Builder (ROMOFFSET) • NB0: JTAG/manufacturing • SRE: requires interpreter on device (boot monitor)

  19. Bootloader Architecture Typical development bootloader: blcommon OEM code eboot RTL8139 USB RNDIS bootpart NE2000 … flash FMD EDBG drivers

  20. Boot Sequence

  21. Boot Process • CPU initialization: StartUp() • Assembly code that runs at the CPU reset vector • Initializes CPU core (RAM accessible) • Protection mode (supervisor) • Clocks/PLLs • RAM controller • Optionally sets up MMU and caches • Relocates to RAM (and copies initialized global variable section) • Initializes stack pointer • Jumps to C code (blcommon entry point)

  22. Boot Process • OEMDebugInit() • Initializes debug output connection (example: serial UART) • OEMWriteDebugByte() sends ASCII characters over debug output connection • OEMPlatformInit() • Initializes bridge (host, PCI, PCMCIA, etc.) and peripheral bus logic • Initializes other board-level logic needed to access download transport hardware (example: Ethernet controller)

  23. Boot Process • Pre-download initialization: OEMPreDownload() • Prepares and establishes download connection • For a development Ethernet bootloader, most of this handled in the eboot library’s EbootInitEtherTransport() and EbootEtherReadData() functions • Obtain an IP address (static or DHCP) • Broadcast UDP “BOOTME” packets on the subnet • Jump to a device-resident image based on Platform Builder settings or • Establish a TFTP connection to Platform Builder and download BIN file records

  24. Boot Process • Post-Download/Lauch: OEMLaunch() • Acquires user settings from Platform Builder (examples: clean boot, passive KITL, etc.) – handled in eboot library’s EbootWaitForHostConnect() function. • Fills out shared OS data structure (bootargs/driver-globals) • Jumps to image

  25. Optional Functions • Flash-related • OEMIsFlash() • Checks whether an address is in flash • OEMMapMemAddr() • Maps BIN records to another memory range (useful for caching a flash image in RAM) • OEMStartEraseFlash() • OEMContinueEraseFlash() • OEMFinishEraseFlash() • OEMWriteFlash() • OEMMultiBinNotify

  26. Agenda • Memory and Storage Technologies • Download Technologies • Building an Image • Bootloaders • Bootloader Security • Q and A

  27. Bootloader Security • Blcommon contains simple signature support • Before writing a download image to flash and before running image, CheckSignature() called

  28. Bootloader Security • Detecting and correcting errors • During download • During boot • Prevention • Locking the flash part • Hardware interlocks

  29. Tools & Resources Build Develop Websites msdn.microsoft.com/embedded msdn.microsoft.com/mobility Newsgroups microsoft.public.pocketpc.developer smartphone.developer dotnet.framework.compactframework microsoft.public.windowsxp.embedded windowsce.platbuilder windowsce.embedded.vc Blogs blogs.msdn.com/mikehall blogs.msdn.com/windowsmobilevsdteamnetcfteam Tools Windows CE 5.0 Eval KitWindows XP Embedded Eval Kit Windows Mobile 5.0 Eval Kit

  30. 大会注意事项 请在课程结束后填写课程培训反馈表,参加抽奖。 请填写资料袋内的黄色大会来宾反馈表,到大会接待台领取大会纪念包。 您还可以: 参加Windows Mobile动手实验室; 参观微软及合作伙伴展区; 体验基于 Windows Mobile平台开发的最新硬件产品及解决方案。

More Related