|
|
| This newsletter contains archived content. No warranty is made as to technical accuracy of content or currency of URLs.
From the Editor
The WinHEC presentations on Microsoft Windows BitLocker Drive Encryption focused on large, abstract projections of costs to corporations related to laptop thefts. However, you've probably been reading news stories about the recent data thefts and related security concerns that have resulted from stolen laptops--stories that have really driven the issue home in many people's minds. We provided a host of technical implementation information about BitLocker at WinHEC, which you can find at the link above. But if you want to spend some time thinking about the issues with real human beings, check the System Integrity Team Blog. Written by Niels Ferguson and other developers who are working on Windows BitLocker, this blog gives you the opportunity to observe and converse actively with those involved with implementing some of the security features in Windows. Next, please check Michael Howard's Web Log. Michael is already well known as the "simple software security guy at Microsoft." His June blog postings discuss goals for new features--such as Address Space Layout Randomization--from his unique perspective. Of course, be sure to download Microsoft Windows Vista Security Advancements on TechNet, for a tour of the Windows Vista security features, so you can begin considering how these features might affect your professional design and development activities. For example, in earlier versions of Windows, a privileged service could obtain all access to a process or thread by using SeDebugPrivilege. You'll find that thread access rights are much more restricted in Windows Vista. For information and new guidelines, see Protected Processes in Windows Vista. For driver developers and system designers, the Windows teams have been focusing on providing deeper examinations and implementation guidelines for core changes in Windows Vista that have security implications. Kernel WMI Object Security, a brand new paper on the WHDC Web site, describes the default security permissions for kernel Windows Management Instrumentation (WMI) objects on Microsoft Windows Server 2003 and Windows Vista, and provides implementation guidelines for how system manufacturers can, if necessary, change security permissions for individual kernel WMI objects during device installation. I know that the new integrity checks for kernel-mode software installation are affecting all of you who are driver developers. In case you've been off the grid for the last few months, read Driver Signing Requirements for Windows and
Driver Package Integrity in Windows Vista for a discussion of key issues. Everyone on my team is well acquainted with my aversion to making promises when I don't have a finished document in hand. But in this case, I personally promise you that step-by-step guidelines for cross-signing will be available this summer. - Annie Pearson
for the WHDC Web team
WHDC After Dark:
| • |
Searching for the killer app for the sonic dismembrator: We have this statistically odd set of roles in our house, where I maintain the PCs and network and my husband buys and uses the kitchen gadgets. I am not forwarding him this link and, fortunately, he never reads this newsletter.
|
| • |
Multi-threaded, multi-purpose: My writing partner's partner turned from teaching code-design for multithreaded applications to hands-on experiments with complex cross-stitching. And this soft-art thread bot turned up in the online search for projects that combine interests in complex biology and complex stitchery.
|
|
Windows Driver Development
|
|
The WHDC Web site includes new case studies and videos that describe the experiences at Mellanox, LSI Logic and Broadcom in porting and building new drivers for 64-bit editions of Windows. In addition to these case studies describing the business value for publishing 64-bit drivers, the WHDC Web site includes:
|
|
- Checklist for 64-bit driver development
|
|
|
- INF and driver installation guidelines for 64-bit drivers
|
|
|
- Code signing, patching, and registry FAQs for 64-bit systems
|
|
|
- Links to Windows Driver Kit (WDK) documentation and other porting resources
|
|
|
|
Are you having trouble installing a driver with the Kernel-Mode Driver Framework (KMDF) version 1.1? A new tip on WHDC Web lists some common errors and provides suggestions for troubleshooting driver installation. A brief summary of the items discussed include these steps:
| • |
Check the log files for information that pertains to your driver installation.
|
| • |
Set the SetupAPI logging level to provide verbose information at driver installation.
|
| • |
Use the correct KMDF co-installer for the KMDF version and operating system platform.
|
| • |
Use the correct version of the INF to install the driver.
|
| • |
In INF files for use with KMDF 1.1, specify only one KmdfService directive and one KmdfLibraryVersion directive.
|
| • |
Check the system event log for errors that occur during dynamic binding of the KMDF driver to the library.
|
|
|
|
Based on requests from driver developers, the WDK team has provided a standalone version of the Help file for the Driver Test Manager (DTM). This document provides preview information about using DTM to test your device driver or system.
|
|
|
Although not specifically for driver developers, Adrian's talk about the Heap Manager in Windows Vista is useful information about Windows Vista internals. Adrian Marinescu is lead developer on the Windows Kernel team, focusing on the Heap Manager and associated technologies. The Heap Manager plays a big role in shaping system performance and security. Windows Vista provides a heap management infrastructure that will be very hard for expert hackers to exploit. Adrian explains how the heap has been improved in Windows Vista and why it will help make Windows Vista both more performant and secure.
|
Windows Logo Program and Code Signing Updates
|
|
Microsoft now provides cross-certificates for six Certificate Authorities that issue certificates for code-signing kernel-mode code.
|
|
|
The release of the Windows Logo Program Suite 3.0, Revision 1.0
|
|
|
The following corrections and changes have been identified for the Windows Logo Program Suite 3.0, in the v. 1.02 revision published on WHDC Web:
|
|
SYSFUND-0090 added sentence: "SID and SVID support is not required until January 2009"
SYSFUND-0010 clarification to specify DVD-RW on servers
SYSFUND-0072 add PXE to boot menu options
SYSFUND-0096, 0107 change if-implemented definition to specify hardware partitioning.
NETWORK-0018 wording change, remove "WEP" from list of authentication algorithms.
IMAGING-0004 wording change, removal of design note
IMAGING-0023 changed JobCollateAllDocuments to DocumentCollate
AUDIO-0048 wording change, body clarification
GRAPHICS-0027 wording change, relax NV11 support until June 1, 2007
GRAPHICS-0032 wording change, relax NV11 and P208 support until June 1, 2007
GRAPHICS-0057 wording change, removed last bullet item and clarified compliance with the PCI Express 1.0 specification
STREAM-0023 wording change, "such as UYVY or YUY2" to "either UYVY or YUY2"
SYSFUND-0007 wording change, clarify body text
SYSFUND-0047 wording change, updated If Implemented definition
SYSFUND-0121 change "or" to "and" in notes about USB and HD audio
SYSFUND-0065 change to reco-0016
AUDIO-0050 change to reco-0015
GRAPHICS-0025 clarification to if-implemented
DISPLAY-0069, 0070 relaxed requirement to be non-sRGB specific
DISPLAY-0085 relaxed from "required" to "if-implemented"
|
|
|
|
|
|
|
|
Edition for  June 27, 2006 |
|
Windows Vista - Driver Developer Kits, Tools, and Programs
|
|
Hardware and Driver Developer Community
|
|
|
