Verifying a Signature

An OEM can verify that a file contains the proper signature by using the OEMCertifyModule function before the kernel loads the file.

During verification, the kernel calculates a signature with the same hash formula that was used when the signature was generated. OEMCertifyModule compares the signature it calculated from the hash to the signature in the file. If the signatures do not match, OEMCertifyModule prevents the file from loading.

Because the size of a PE file header can vary, OEMCertifyModule may not be able to process the entire header in a single call. Because the signature is at the end of the file, it is not possible to specify a hash function in the signature; you must use Secure Hash Algorithm (SHA) or another fixed hash function. When computing the hash, SHA excludes the following data from the file:

  • Checksum field in the Windows COFF header (4 bytes)
  • Certificate data directory structure (8 bytes)
  • WIN_CERTIFICATE structure (size varies)
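
The three excluded ranges can be located from the PE header fields before hashing. The following is an added example, not code from Platform Builder or Loadauth.lib; it assumes the standard PE/COFF layout, and `Range`, `pe_hash_exclusions`, and `make_sample` are hypothetical names, with a constructed sample image.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { size_t off, len; } Range;      /* hypothetical helper type */

static uint32_t rd32(const uint8_t *p) {        /* little-endian 32-bit read */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* out[0] = CheckSum field, out[1] = certificate directory entry,
   out[2] = WIN_CERTIFICATE data. Returns 0, or -1 if malformed or truncated. */
int pe_hash_exclusions(const uint8_t *f, size_t n, Range out[3]) {
    if (n < 0x40 || f[0] != 'M' || f[1] != 'Z') return -1;
    size_t pe = rd32(f + 0x3C);                 /* e_lfanew */
    if (pe > n || n - pe < 26 || memcmp(f + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *opt = f + pe + 24;           /* after PE signature + COFF header */
    unsigned magic = opt[0] | (opt[1] << 8);
    /* Offset of the data directories inside the optional header. */
    size_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0;
    if (dirs == 0 || n - pe < 24 + dirs + 40) return -1;  /* need entries 0..4 */
    if (rd32(opt + dirs - 4) < 5) return -1;    /* NumberOfRvaAndSizes */
    size_t ent = pe + 24 + dirs + 4 * 8;        /* entry 4 = certificate table */
    size_t coff = rd32(f + ent), clen = rd32(f + ent + 4); /* file offset, not RVA */
    if (coff > n || clen > n - coff) return -1; /* blob must lie inside the file */
    out[0] = (Range){ pe + 24 + 64, 4 };        /* CheckSum sits in the optional header */
    out[1] = (Range){ ent, 8 };
    out[2] = (Range){ coff, clen };
    return 0;
}

/* Constructed sample: 512-byte PE32 skeleton, 64-byte certificate blob at the end. */
size_t make_sample(uint8_t *b) {
    memset(b, 0, 512);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;
    memcpy(b + 0x80, "PE\0\0", 4);
    b[0x98] = 0x0B; b[0x99] = 0x01;             /* optional header magic 0x10B */
    b[0x98 + 92] = 16;                          /* NumberOfRvaAndSizes */
    b[0x98 + 128] = 0xC0; b[0x98 + 129] = 0x01; /* certificate file offset 0x1C0 */
    b[0x98 + 132] = 0x40;                       /* certificate size 0x40 */
    return 512;
}

int main(void) {
    uint8_t img[512]; Range r[3];
    if (pe_hash_exclusions(img, make_sample(img), r) != 0) return 1;
    for (int i = 0; i < 3; i++) printf("skip %zu bytes at 0x%zx\n", r[i].len, r[i].off);
    return 0;
}
```

A verifier that streams the file through the hash feeds every byte except those inside the three returned ranges, and rejects the file outright when the function returns -1.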

You can either write the code that is necessary to implement the signature verification and signing tool yourself, or use the sample verification library Loadauth.lib and the signing tool Signfile.exe. Loadauth.lib is included in Platform Builder in the processor-specific directory under %_WINCEROOT%\Public\Common\Oak\Lib.

The following table shows the functions contained in the Loadauth.lib library.

| Function | Description |
| --- | --- |
| InitPubKey | Initializes a public key to be used for signature verification. |
| CertifyModuleInit | Initiates the process of verifying a signature on a module for the purpose of certifying the module. |
| CertifyModule | Streams the bytes of a module for certification. |
| CertifyModuleFinal | Returns the final certification status of a file and any data embedded in the signature. |

To use the sample verification library (Loadauth.lib)

  1. Add OEMCertifyModuleInit and OEMCertifyModule to the OEM adaptation layer (OAL) and initialize the function pointers.

  2. Create and export a hard-coded public key.

    The key must have a PUBLICKEYBLOB format. You can use the Signfile.exe tool to complete this step.

  3. Incorporate the public key into the operating system (OS) image.

    You can do this by modifying the OAL according to the sample code in %_WINCEROOT%\Platform\%BSP%\Kernel\Hal.

    **Note**   You can use any name for the functions OEMCertifyModuleInit and OEMCertifyModule. However, it is important to initialize the two kernel pointers, pOEMLoadInit and pOEMLoadModule, in the OEMInit function to these named functions.

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.