EMB320 Windows CE 5.0 Image Configuration, Boot Loaders, And Security Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM EMB320 Windows CE 5.0 Image Configuration, Boot Loaders, And Security Jeff Glaum, Software Development Manager Glen Langer Program Manager Windows CE Core OS Team Microsoft Corporation © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Hardware/Drivers OEM/IHV Supplied BSP (ARM, SH4, MIPS) OEM Hardware and Standard Drivers Standard PC Hardware and Drivers Windows XP DDK Device Building Tools Platform Builder Windows Embedded Studio Data Lightweight Relational EDB SQL Server 2005 Express Edition SQL Server 2005 Mobile Edition SQL Server 2005 Native Managed Server Side Win32 Programming Model MFC 8.0, ATL 8.0 .NET Compact Framework .NET Framework ASP.NET Mobile Controls ASP.NET Multimedia Windows Media DirectX Location Services MapPoint Development Tools Visual Studio 2005 Internet Security and Acceleration Server Communications & Messaging Exchange Server Live Communications Server Speech Server Device Update Agent Management Tools Image Update Software Update Services Systems Management Server Microsoft Operations Manager © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Introduction Design Trade-Offs Image storage SRAM, Flash (NOR & NAND), or Disk Execution Execute in Place (XIP) versus Relocatable Slower and cheaper versus faster and $$ Compression Smaller image size (save cost) vs. slower loading but faster execution Boot Loader Complexity versus Performance Security How does Windows CE support this? Build process and tools © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Memory And Storage Technologies Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Memory And Storage Technologies Type significantly impacts cost and performance Each technology imposes different design constraints Note: The data for this section was derived from leading vendor publications for both NAND and NOR; Because of ongoing changes in flash memory technologies, this information is subject to change © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM NAND Flash Memory Dates from the late 1980s Generally offers a lower cost per byte Higher storage capacity Block-accessed storage device with a serial interface Block-access method makes NAND unsuitable for execute in place (XIP) Images typically moved to RAM for execution © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM NAND Flash Memory Issue: Where does CPU access code from for initial pre-boot or for OS at boot time? Solutions Add NOR flash Use Hybrid flash New CPU designs use serial interface Issue: Susceptible to manufacturing flaws and possible run-time cell failures Hardware and/or software data error checking and correction logic (ECC) Wear-leveling techniques to limit number of erase cycles © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM NAND Flash Memory Generally has shorter erase and write access times Comparable read access time Trade-Offs Lower cost-per-byte ratio and larger storage capacity, versus Additional system complexity and any additional expense in DRAM © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM NOR Flash Memory Generally offers a higher cost per byte Storage capacity is typically smaller Random-access storage (linear) device with an SRAM-like interface Lack of manufactured bad blocks Suitable for XIP (execute in place) designs © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM NOR Flash Memory Slower read times compared to DRAM Offset by optimizing code for cache usage Offset by running high-impact code from RAM (80/20 Rule) Trade-Offs Higher cost-per-byte ratio and smaller capacity, versus Lower system cost - no additional DRAM or bad block management logic © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Hybrid Flash Memory Combines the best of both NAND and NOR technologies on a single device NAND flash with on-chip wear-leveling and SRAM-like interface NAND flash with a NOR boot flash memory region for XIP © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ATA/IDE Hard Disk Drive Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM ATA/IDE Hard Disk Drive Hard disk drive is good option for image storage Block-accessed devices Code must first be copied to linear memory (DRAM) for execution Trade-Offs Significantly longer read and write access times, versus Larger storage capacity © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

XIP Versus Relocatable Code Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM XIP Versus Relocatable Code Position independent or “relocatable” code OS loader adjusts references to addresses Efficient use of system RAM Load times are slightly longer for “fixups” Relocatable code Trade-Offs Less flexibility (only executes from RAM) Typically requires more RAM than XIPing from flash Faster execution Slower boot times © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

XIP Versus Relocatable Code Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM XIP Versus Relocatable Code Fixed position or “execute in place (XIP)” Image is built to run from a specific location Location must support linear access XIP Trade-Offs Minimized RAM usage, versus Slower execution Faster boot times © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Image Compression Build tools control which components are XIP and which are relocated Commonly compressed to minimize flash usage Performance critical code Rarely used modules Trade-Offs Faster execution, versus Longer load times, versus Efficient flash usage © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM ROM Image Builder OS image is created by the ROM image builder tool (romimage.exe) Romimage.exe runs at the end of the build process (after all image components have been created/linked) Configurable binary image builder (.bib) files direct the process © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM ROM Image Builder Romimage.exe performs the following functions Collects all the components that make up the final image: drivers, executables, and data files Adjusts code addresses (“fix-ups”) as necessary to control placement of the executable code in the image’s virtual address space Compresses parts of the image Places any data files or compressed sections in unused “holes” in the image (compact image) Generates the image - nk.bin © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Binary Image Builder File Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Binary Image Builder File The binary image builder (.bib) file is a text file containing sections MEMORY: describes the embedded device’s memory map MODULES and FILES: describes the modules/files that are to be placed in the final image and their attributes (compressed, etc.) CONFIG: describes general image configuration information The .bib file (ce.bib) is generated from a number of individual .bib files (common.bib, project.bib, platform.bib) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

CE Memory Architecture Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM CE Memory Architecture Slot 0 – current process and consecutive code-data section DLLs Slot 1 – separate code-data sections (roughly 32MB) 0x8000.0000 – 0xFFFF.FFFF is the kernel virtual address range © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM .BIB – MEMORY Section MEMORY section, specified in config.bib, details the system virtual addresses available NK 80001000 01FFF000 RAMIMAGE RAM 82000000 01DB0000 RAM RAMIMAGE entry locates any executables, modules, data files and compressed sections in the range of virtual address 0x8000.1000 through 0x81FF.FFFF (could be flash or RAM) RAM entry specifies the range of virtual addresses available to the Windows CE kernel for allocation to the file system or object store, process virtual address spaces such as heaps and stacks, memory mapped files and writable data sections © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM .BIB – MODULES Section MODULES are fixed-up to a virtual address range (slot address) by romimage.exe MODULES section identifies which executable files are to be included and their attributes INIT.EXE $(_FLATRELEASEDIR)\INIT.EXE NK SH MYDLL.DLL $(_FLATRELEASEDIR)\MYDLL.DLL NK SHC Each entry: module name (in image), file on development system, section name, and attributes Uncompressed code can XIP and is fixed up to run in slot 1 by default © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM .BIB – FILES Section FILES section is similar to MODULES section however all entries are compressed by default and files aren’t fixed-up Used for data files (examples: bitmaps) PIC.BMP $(_FLATRELEASEDIR)\PIC.BMP NK SH Executable DLLs in the FILES section are loaded into Slot 0 (different from MODULES section) and reduce overall process address space globally © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM .BIB – CONFIG Section Contains generic image configuration information ROMOFFSET – used to “move” RAM image into flash ROMSTART, ROMSIZE, and ROMWIDTH – used to create binary .nb0 file (in addition to .bin file) Other settings © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Image BIN File Format IMAGE HEADER 15 Bytes: 4230303046460A - 7 byte sync record 4 byte starting address of image (physical address in this case) 4 byte overall length of image IMAGE RECORD HEADER 12 Bytes: 4 byte address of record (physical address in this case) 4 byte length of record 4 byte checksum of record Image Start = 0x00220000, length = 0x00B52D90 Record [ 0] : Start = 0x00220000, Length = 0x00000010, Chksum = 0x00000829 Record [ 1] : Start = 0x00220040, Length = 0x00000008, Chksum = 0x00000314 Record [ 2] : Start = 0x00221000, Length = 0x0003EFFC, Chksum = 0x019B93D5 Record [ 3] : Start = 0x00261000, Length = 0x000003A0, Chksum = 0x00014AD3 ... Record [119] : Start = 0x00000000, Length = 0x0022A178, Chksum = 0x00000000 start address © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Image Mapping At run time, OS components are fetched from the addresses chosen by Romimage.exe at build time Compressed modules must be copied into RAM Uncompressed modules will run XIP and will be mapped from the address range specified in the MEMORY section of the .bib file If the entire image is built to XIP from RAM but is stored in flash, then code is required—boot loader or early OS startup code—to copy the image to the correct RAM location © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Overview The primary function of the boot loader is to load an executable image (OS) into memory and to run it Design is affected by Hardware choices (flash): XIP versus copy-to-RAM Manufacturing/process requirements: download transport Typical variations Load mechanism: Ethernet, USB, serial, local storage (flash, HDD, DOC, CF, etc.) or other Development versus production requirements OS image requirements (ex: XIP or compression) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM x86 Boot Loaders Special considerations real-mode (OS starts in protected mode) boot from disk (BIOS) x86 Boot Loader Variations LoadCEPC.exe – real-mode DOS program Eboot.bin – Ethernet boot loader Sboot.bin – Serial boot loader BIOSloader – uses BIOS INT13h interface ROMboot – replaces BIOS and supports IDE and Ethernet Future: PXE (network boot) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Development Process Create development boot loader Downloads image from Platform Builder Later enhanced for production boot loader is cross-compiled, linked, and located on a desktop PC Downloaded and debugged on the target device JTAG / IEEE 1149.1 (debug board) Built-in ROM monitor EEPROM / Flash programmer Goal: share code with OS image (OAL) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Build And Output Format Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Build And Output Format Code located at %_WINCEROOT%\public\common\oak\drivers\ethdbg %_TARGETPLATROOT%\src\bootloader\eboot (links executable) – OEM code Boot Loader EXE run through romimage to generate BIN and possibly NB0 or SRE files BIN: download with Platform Builder (ROMOFFSET) NB0: JTAG/manufacturing SRE: requires interpreter on device (boot monitor) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Development Loader Design Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Development Loader Design Support libraries provided by Microsoft Common loader framework: blcommon Network and flash support libraries Goal is to minimize amount of code that needs to be written by OEM/partner Architecture designed to be modular and extendable © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Architecture Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Architecture Typical development boot loader blcommon OEM code eboot RTL8139 DP83815 bootpart NE2000 … flash FMD EDBG drivers © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Architecture Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Architecture Blcommon – generic boot loader framework OEM code – general board init and extensions Eboot – Ethernet functions (UDP, DHCP, TFTP) EDBG drivers – Ethernet drivers 3Com 3C90x, AMD AM79C97x, CS8900A, NS DP83815, NE2000, RealTek RTL8139, SMSC9000 and SMSC100 (list is growing) Bootpart – storage partition management FMD – flash management driver Samsung/Sandisk (NAND), Intel StrataFlash (NOR) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Sequence Boot loader startup sequence Startup EbootMain BootloaderMain OEMDebugInit OEMPlatformInit OEMPreDownload Download Occurs OEMLaunch Other (optional): OEMReadData OEMShowProgress OEMIsFlashAddr OEMMapMemAddr OEMStartEraseFlash OEMContinueEraseFlash OEMFinishEraseFlash OEMWriteFlash Kernel startup sequence Startup KernelStart ARMInit OEMInitDebugSerial OEMInit KernelInit HeapInit InitMemoryPool ProcInit SchedInit FirstSchedule SystemStartupFunc © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Process CPU initialization: StartUp() Assembly code that runs at the CPU reset vector Initializes CPU core (RAM accessible) Protection mode (supervisor) Clocks/PLLs RAM controller Optionally sets up MMU and caches Relocates to RAM (and copies initialized global variable section) Initializes stack pointer Jumps to C code (blcommon entry point) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Process OEMDebugInit() Initializes debug output connection (example: serial UART) OEMWriteDebugByte() sends ASCII characters over debug output connection OEMPlatformInit() Initializes bridge (host, PCI, PCMCIA, etc.) and peripheral bus logic Initializes other board-level logic needed to access download transport hardware (example: Ethernet controller) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Process Pre-download initialization: OEMPreDownload() Prepares and establishes download connection For a development Ethernet boot loader, most of this handled in the eboot library’s EbootInitEtherTransport() and EbootEtherReadData() functions Obtain an IP address (static or DHCP) Broadcast UDP “BOOTME” packets on the subnet Jump to a device-resident image based on Platform Builder settings ** or ** Establish a TFTP connection to Platform Builder and download BIN file records © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Process Post-Download/Lauch: OEMLaunch() Acquires user settings from Platform Builder (examples: clean boot, passive KITL, etc.) – handled in eboot library’s EbootWaitForHostConnect() function. Fills out shared OS data structure (bootargs/driver-globals) Optional: writes download image to flash Jumps to image © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Optional Functions Flash-related OEMIsFlash() Checks whether an address is in flash OEMMapMemAddr() Maps BIN records to another memory range (useful for caching a flash image in RAM) OEMStartEraseFlash() OEMContinueEraseFlash() OEMFinishEraseFlash() OEMWriteFlash() Use BootPart and FMD for flash access © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security Blcommon contains simple signature support Before writing a download image to flash and before running image, CheckSignature() called Signed hash of image’s table-of-contents (TOC) is stored in the .bin image © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Agenda Introduction Memory and Storage Technologies Windows CE 5.0 Image Configuration Building an Image Boot Loaders Boot Loader Security Resources MEDC Call to Action Q and A © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security Chain of Trust Detecting and correcting errors During download During boot Prevention Locking the flash part Hardware interlocks © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security Possible solutions using hardware ARM TrustZone™ MIPS32® 4KSd™ Core © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Security ARM TrustZone™ Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security ARM TrustZone™ Secure -TrustZone SW Elements- Licensable SW from ARM Normal Normal OS app. Secure services Boot Loader Secure drivers & hardware abstraction layers Secure devices / peripherals Secure Kernel Normal OS Monitor ARM TrustZoneTM diagram used with permission © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Security ARM TrustZone™ Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security ARM TrustZone™ TrustZone™ Advantages Secure Process Execution Secure mode for boot loader and kernel Periodically verify the image Secure Storage Public and private keys Cryptographic algorithms Sensitive data Secure peripherals Timers, smart card Trusted I/O, including JTAG access disabled ARM TrustZoneTM info used with permission © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Security MIPS32® 4KSd™ Core Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security MIPS32® 4KSd™ Core Builds on MIPS’ existing server-class security (in all cores) MIPS32™4KSd™ Smart Card Core EJTAG Security features Instruction Cache BIU Execution Core Secure MMU Secure Cache Controller Co-Processor On-Chip Bus Adds Secure MMU Secure Caches Cryptographic Acceleration Tamper Resistance TLB Data Cache and/or Scratchpad MIPS16e™ Code Compression Power Management Required Optional or Configurable Security MIPS32® 4KSd™ diagram used with permission © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Boot Loader Security MIPS® MT ASE Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Boot Loader Security MIPS® MT ASE MIPS Multi-Threading presents Virtual CPUs Known as Virtual Processing Elements (VPEs) Could employ a software supervisor to enforce inter-VPE communication (or lack thereof) MT Application-Specific Extension (ASE) also presents hardware Threads Known as Thread Contexts (TCs) Dramatically increase processor efficiency by instantly switching away from blocked threads Apps OS Secure Kernel MIPS Core MT ASE VPE0 VPE1 MIPS® MT ASE diagram used with permission © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Resources “System Memory Management in Windows CE .NET”, whitepaper http://msdn.microsoft.com/library/en-us/dncenet/html/systemmemorymgmtwince.asp Platform Builder documentation, “How to Develop a Boot Loader” http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcehardware5/html/wce50howHowtoDevelopaBootLoader.asp © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM While At MEDC 2005… Fill out an evaluation for this session Randomly selected instant WIN prizes! Visit the Microsoft Product Pavilion in the Exhibit Hall Shorelines B Use real technology in a lab Instructor led Reef E/F & Breakers L Self-paced Reef B/C © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM After The Conference… Build Install Build Join Full-featured trial versions of Windows CE and/or Windows XP Embedded Cool stuff & tell us about it: msdn.microsoft.com/embedded/community Windows Embedded Partner Program: www.mswep.com Develop Install Enter Join Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2 Mobile2Market Contest and win up to $25000: mobile2marketcontest.com Microsoft Solutions Partner Program: partner.microsoft.com © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Tools & Resources Build Develop Websites msdn.microsoft.com/ embedded msdn.microsoft.com/ mobility Newsgroups microsoft.public. windowsxp.embedded windowsce.platbuilder windowsce.embedded.vc microsoft.public. pocketpc.developer smartphone.developer dotnet.framework.compactframework Blogs blogs.msdn.com/ mikehall blogs.msdn.com/ windowsmobile vsdteam netcfteam Tools Windows CE 5.0 Eval Kit Windows XP Embedded Eval Kit Windows Mobile 5.0 Eval Kit © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM Questions? © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Mobile & Embedded DevCon 2005 4/22/2017 9:37 PM © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.