During one of BSQUARE’s recent Windows Embedded CE 6.0 Training class, students asked some good questions on ISRs in CE 6, .DAT files, the trust model, and entry points. 

Chances are this information will benefit readers of our Windows CE 6 blog as well – see Q&A below.

Question: What extra security is involved in installing an ISR in CE 6?
Answer:   There have been no changes in the ISR installation method in CE6.  The only restriction is that they must be loaded by a driver (user mode or kernel mode), you can't load the ISR from an application.  In addition, a user mode driver is restricted to using the MS provided GIISR.

Question: Are .DAT files making an actual copy or just referencing?
Answer:   .DAT files make a copy of the source file.  The original file will always exist in the \Windows directory.  You can reduce the memory footprint by creating shortcut files, and copying the shortcut to the target location.

Question: Explain the trust model changes in CE 6.0.
Answer:  The trust model has changed in CE6.  If the trust mechanism is implemented, modules are either fully trusted and can run with all privileges or they are not trusted and may not run at all.  Prior versions of CE included an intermediate level of trust that allowed an untrusted application to run, but restricted access to certain privileged APIs. 

Regardless of whether the trust mechanism is implemented in a particular BSP, CE6 now distinguishes between User mode components and Kernel mode components.  A number of APIs can only be called by Kernel mode components (the OAL and drivers/dlls that are running in kernel mode).  These APIs are typically the ones that would provide unrestricted access to the system memory space.  User mode drivers can call some of these functions with restrictions on their parameters.

If you are concerned about security, you need to implement the trust model to prevent any unauthorized component from running at all.  While user mode applications can't call restricted APIs, there is nothing stopping them from loading a kernel mode dll containing code that has full access to the system.

Question: In CE 6.0, do all entry points need to be defined?
Answer:  Stream device drivers do not have to expose all the stream entry points.  The entry points they need to expose depend on the functionality that will be exposed by the driver.  Requirements are as follows:

• Init/Deinit are required
  
• If the driver is named (most are), it must contain Open/Close plus at least one of the IO routines (Read, Write, DeviceIoControl, Seek)
  
• If the driver contains PreClose, it must also contain PreDeinit
  
  

. . . . . . . . . . . . . . . . . . . . . . .
Dean Ramsier
Senior Software Engineer
Professional Engineering Services
BSQUARE Corporation | Contact Me!