Locking Down Windows XP Embedded
Dave Baker, Embedded Developer Evangelist, Microsoft UK
Dave.Baker@microsoft.com, blogs.msdn.com/davbaker
Agenda
- Overview
- Look and Feel
- Booting
- Security
- Operational
A World of Devices
- PCs, web services, consumer devices
- Experiences: productivity, communication, entertainment
- Retail, communications, manufacturing & distribution, healthcare
Mobile and Embedded Devices (increasing functionality from left to right: .NET Micro Framework, Windows Embedded CE, Windows XP, Windows Vista)
- Thin clients, Windows-based terminals, gateways, set-top boxes, entertainment devices
- Windows Mobile Smartphone, Windows Mobile Pocket PC Phone, mobile handhelds, smart personal objects
- Industrial automation, office automation, retail point-of-sale, ATMs / kiosks, medical devices
- Windows Automotive, VoIP phones, Portable Media Center, Vista SideShow, Tablet PC, notebook PC
Windows XP Embedded
- Componentised version of XP Professional: over 12,000 components to flexibly build a customised device
- Rapid development: powerful tools for building custom devices; extensive support for Win32 and low-cost PC hardware
- Reliable: built on the robust Windows XP kernel; SP2 adds more on security; embedded-specific capabilities increase reliability in devices
Embedded Enabling Features
- Write Filter Technology (EWF & FBWF): allows the Windows XP Embedded operating system to boot from any read-only media
  - Boot from read-only media
  - Protect read/write media, folders and partitions
  - No need for application redesign
  - Overlay to disk or RAM (stateless)
  - Up to 9 overlays
  - Overlay rollback and commit
Embedded Enabling Features
- Alternative non-volatile boot media: CD-ROM, uDiskOnChip, Flash, USB
- Headless operation: system with no keyboard, mouse, or display; user intervention not required
- Hibernate Once, Resume Many (HORM): boot from the hibernation file; provides the fastest boot time possible
- System Message Interception: automatic response to error messages
- Custom shell: allows the default shell to be replaced with another application
XPe Development Overview
- Target Analyser (console tool) produces the hardware definition from the target machine
- Component Designer turns application binaries into application components
- Application, OS and supporting components are held in the XPe component database
- Target Designer assembles the components into the OS image
Goal
Take advantage of Microsoft Windows XP / Windows XP Embedded / Windows Embedded for Point of Service (WEPOS), but:
- Device is to act like an appliance
- No indication of what OS is running
- Lock users out of administration functions
- Customer impression issues: consumer electronics, medical
Architect! Design ahead.
Look and Feel - Splash screens
Change splash screen on boot
- Disable the Windows logo: Configuration -> Settings, select "Do not display GUI boot screens"
- The user sees a blank screen
- Long boot time; might not be a good option for consumers
Look and Feel - Splash screens
Custom splash screen
- /bootlogo option in boot.ini
- Loads the boot.bmp file found in the Windows directory
- boot.bmp file: 640 x 480, 16 colours (4 bits)
- Tip: create in Adobe Photoshop / Adobe Photoshop Elements, finalise with Microsoft Paint
Look and Feel - Splash screens
Custom splash screen
- No Target Designer option is available to set /bootlogo in boot.ini
- boot.ini is the last item created during the build, so there is no overwrite solution
- Solution: FBA GenCMD runs a custom move application during FBA at phase 8450
Look and Feel - Splash screens
Custom move application (MFC console app) run by FBA GenCMD at phase 8450:

    #include <afx.h>       // MFC core: AfxWinInit, Win32 file APIs
    #include <tchar.h>
    #include <stdio.h>

    int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
    {
        int nRetCode = 0;

        // initialise MFC and print an error on failure
        if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
        {
            _tprintf(_T("Fatal Error: MFC initialization failed\n"));
            nRetCode = 1;
        }
        else
        {
            // keep the generated boot.ini as a backup, then swap in the
            // prepared copy that carries the /bootlogo switch
            if (!MoveFile(_T("c:\\boot.ini"), _T("c:\\boot_old.ini")) ||
                !MoveFile(_T("c:\\boot_new.ini"), _T("c:\\boot.ini")))
            {
                _tprintf(_T("Error: boot.ini swap failed (%lu)\n"), GetLastError());
                nRetCode = 1;
            }
        }
        return nRetCode;
    }
Look and Feel - Logon screens
Target Designer logon choices:
- Minlogon: no logon screen, boots directly into Windows
- Logon (standard): friendly / dialog logon screens; optional legal notice; automatic logon
Disable dialog/status screens:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
  Name                   Type       Value
  DisableStatusMessages  REG_DWORD  0x00000001
Look and Feel - Logon screens
Custom logon screens
- Replace the GINA (Graphical Identification and Authentication)
- Keith Brown's two-part MSDN article: Security Briefs: Customizing GINA
- Biometric security solution
- Control CTRL-ALT-DEL
Look and Feel - Logon screens
Logon/GINA solutions:
- FrontMotion (www.frontmotion.com): GINA replacement, supports Macromedia Flash
- pGina (pgina.xpasystems.com): GINA replacement with plug-ins
- Stardock's LogonStudio (www.stardock.com): replaces the friendly logon screen
Look and Feel - Misc
- Custom shell in place of Explorer: any application can be the shell
- Many Windows themes and desktop solutions are available
- Disable screen savers
- Set power management
Look and Feel - Misc
- Use the power management APIs of Windows XP Embedded to control the power state of the device
- System Message Intercept
- Touch-screen input / hide mouse cursors
- Modify BIOS screens: General Software BIOS, www.gensw.com
Demo: Look and Feel (splash, logon, shell)
Booting - Boot Drives
- Consumers don't want to wait 1 to 2 minutes for a system to boot
- Boot time is a factor of boot drive, processor, chip bus speed, and memory size
- Boot drive is the most important: HDD with DMA, uDiskOnChip; some IDE and CF cards with DMA
- Generic CF cards are port I/O mode only: very slow
Booting - HORM
- Hibernation offers the fastest boot time
- Hibernate Once, Resume Many (HORM) introduced in Windows XP Embedded SP2
- HORM is a combination of EWF (Enhanced Write Filter) with RAM overlay and hibernation
- Requires space equal to system RAM on the boot drive for hiberfil.sys
- Bypasses splash screens
Booting - HORM (cont'd)
- Protects the OS from writes because of the EWF RAM overlay: another layer of protection from viruses and worms; prevents users from manipulating the OS
- Data stored on a different partition; a mount and dismount solution is required: MSDN article "Dismounting Volumes in a Hibernate Once/Resume Many Configuration"
- Suggestion: initiate hibernation using a trap-key solution
Demo: HORM boot speed
Security Approach
Windows XP Embedded security at three layers: Internet, network, local
Security
Include and enable:
- Windows Firewall, IPSec, WEP, WPA
- Turn on Data Execution Prevention
- Use NTFS
- Use Winlogon when possible
- Enhanced Write Filter
- Reduce footprint: reduce attack surface area
- Add virus protection software
- Enable pop-up blocker
- Biometric or smart card security
Security - Dual Shells
- Prevent user access, but allow the system to be administered
- Don't include the RunAs service
- Custom shell for all users (Power User); Explorer shell for Administrator
Security - Dual Shells
Registry keys are used to set up dual-shell capability:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot
  Name   Type    Value
  Shell  REG_SZ  USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  Name   Type    Value
  Shell  REG_SZ  <Explorer> - default shell
Security - Dual Shells
Set up this last key in each user account (MSDN: Different Shells for Different Users):
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  Name   Type    Value
  Shell  REG_SZ  c:\windows\system32\<account shell.exe>, where <account shell.exe> is the name of the application
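The three registry entries from the two dual-shell slides, as an added example script that is not part of the deck: the machine-wide part points Winlogon at the per-user hive (USR:) and leaves Explorer as the fallback shell, and the per-user part is run once inside each locked-down account's own session, since HKCU is that account's hive. The account-setup command, the C:\Kiosk\KioskShell.exe path and the script name are assumptions.

```batch
@echo off
:: Dual-shell setup for Windows XP Embedded (added example, not from the deck).
::   setup_shell.cmd machine                        -> run once as Administrator
::   setup_shell.cmd user C:\Kiosk\KioskShell.exe   -> run once as each locked-down user
:: C:\Kiosk\KioskShell.exe is a placeholder for the device's custom shell.
setlocal
set "MAP=HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot"
set "WINLOGON_M=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "WINLOGON_U=HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

if /i "%~1"=="machine" goto :machine
if /i "%~1"=="user"    goto :user
echo usage: %~nx0 machine ^| user ^<path-to-shell.exe^>
exit /b 2

:machine
:: 1. Make Winlogon read the Shell entry from the per-user hive (USR:) instead
::    of the machine-wide one, which is what the IniFileMapping slide sets.
reg add "%MAP%" /v Shell /t REG_SZ /d "USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f >nul || goto :fail
:: 2. The machine-wide default stays Explorer; any account without a per-user
::    Shell value (the administrator) falls back to it.
reg add "%WINLOGON_M%" /v Shell /t REG_SZ /d "explorer.exe" /f >nul || goto :fail
echo machine-wide dual-shell mapping written
goto :verify

:user
if "%~2"=="" (echo user mode needs the full path of the shell executable & exit /b 2)
if not exist "%~2" (echo shell not found: %~2 & exit /b 2)
:: 3. Per-user shell: this account logs straight into the custom application
::    and never sees Explorer.
reg add "%WINLOGON_U%" /v Shell /t REG_SZ /d "%~2" /f >nul || goto :fail
echo per-user shell set to %~2 for %USERNAME%
goto :verify

:verify
echo --- effective shell settings ---
reg query "%MAP%" /v Shell
reg query "%WINLOGON_M%" /v Shell
reg query "%WINLOGON_U%" /v Shell 2>nul
exit /b 0

:fail
echo reg add failed (machine mode must run as Administrator)
exit /b 1
```

The verify step at the end prints all three values so the split between the locked-down account and the administrator can be confirmed on the device before the image is committed; an account that shows no HKCU Shell value will get Explorer, which is the check to run on the kiosk user after setup.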
Security - Custom security
- Create a custom security template
- The U.S. National Security Agency offers a Windows XP template: www.nsa.gov
- Lock "Power Users" out of whole drives or specific applications
Security - Security dialog
- When the "Friendly" logon option is unchecked, CTRL-ALT-DEL opens the "Windows Security" dialog
- Possible back door for the user
- Custom GINA, or...
Security - Security dialog
Turn off functions in the "Windows Security" dialog with the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  Name                    Type       Value
  DisableTaskMgr          REG_DWORD  0x00000001
  DisableLockWorkstation  REG_DWORD  0x00000001
  DisableChangePassword   REG_DWORD  0x00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  Name      Type       Value
  NoLogoff  REG_DWORD  0x00000001
  NoClose   REG_DWORD  0x00000001
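Writing the values is the easy part; what a device builder wants is a repeatable check that the lockdown survived the build and is actually present in the account the customer uses. The following added audit script, which is not part of the deck, queries every value from the "Windows Security" dialog slide above plus the status-message policy from the logon-screens slide and exits non-zero when any is missing or wrong, so it can run from a build test or a field-service checklist. It is run inside the locked-down account's session (the HKCU values belong to that account). The \System subkey used for DisableStatusMessages is an assumption made here, as the slide shows only the ...\policies path.

```batch
@echo off
:: Lockdown audit for the "Windows Security" dialog and logon status messages
:: (added example, not from the deck). Run in the locked-down user's session.
setlocal enabledelayedexpansion
set MISSING=0
set "SYS=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "EXP=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
:: machine-wide status-message policy; the \System subkey is assumed here
set "MSYS=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

call :check "%SYS%"  DisableTaskMgr         0x1
call :check "%SYS%"  DisableLockWorkstation 0x1
call :check "%SYS%"  DisableChangePassword  0x1
call :check "%EXP%"  NoLogoff               0x1
call :check "%EXP%"  NoClose                0x1
call :check "%MSYS%" DisableStatusMessages  0x1

if %MISSING% gtr 0 (
    echo %MISSING% lockdown value^(s^) missing or wrong for %USERNAME%
    exit /b 1
)
echo all Windows Security dialog lockdown values present for %USERNAME%
exit /b 0

:check
:: %1 key, %2 value name, %3 expected data as reg.exe prints it (0x1 for DWORD 1).
:: reg query prints "<name>  REG_DWORD  0x1"; the third token is the data.
set "FOUND="
for /f "tokens=3" %%v in ('reg query "%~1" /v %~2 2^>nul ^| findstr /i /c:"%~2"') do set "FOUND=%%v"
if /i "!FOUND!"=="%~3" (
    echo [ok]      %~2
) else (
    echo [MISSING] %~1\%~2 = "!FOUND!" expected %~3
    set /a MISSING+=1
)
goto :eof
```

Because these are HKCU policies, a new local account created after the image was built starts without them; running the audit as part of first-logon for any account is the simplest way to catch that gap.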
Operational
- Require administrative access
- Dual shells: trap-key that launches a custom shutdown / logoff application or control panel
- System Message Intercept (SMI): hide system messages and redirect them to a log file for later access
- Monitor logs and/or pop up a friendly dialog for the user
Operational
SMI registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Error Message Instrument
  Name                Type       Value
  EnableDefaultReply  REG_DWORD  0x00000001
  EnableLogging       REG_DWORD  0x00000001
  LogSeverity         REG_DWORD  multiple log severity options: 0-5
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application\Error Instrument
  Name              Type       Value
  TypesSupported    REG_DWORD  0x00000007
  EventMessageFile  REG_DWORD  %SystemRoot%\System32\User32.dll
Operational
- Message Box Intercept service for non-OS system messages
- Alert the administrator or central office that an error occurred
- Scan the event logs
- MBI service sends out a message
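The SMI registry slide and the "scan the event logs" step above, as one added setup script that is not part of the deck: it enables the default reply so an unattended device never hangs on a message box, turns on logging under the "Error Instrument" event source, and then lists what has already been intercepted. Two assumptions are labelled in the code: EventMessageFile is written as REG_EXPAND_SZ because it holds a path (the slide's REG_DWORD for that value is read as a transcription slip), and eventquery.vbs is taken to be in the image, with the filter syntax as I know it from XP Professional. The meaning of severity 0 is also an assumption; the deck only gives the range 0-5.

```batch
@echo off
:: System Message Interception (SMI) setup for XP Embedded (added example,
:: not from the deck). Requires the SMI component in the image; run as Administrator.
::   smi_setup.cmd [severity 0-5]
setlocal
set "SMI=HKLM\System\CurrentControlSet\Control\Error Message Instrument"
set "SRC=HKLM\System\CurrentControlSet\Services\EventLog\Application\Error Instrument"

:: %1 = LogSeverity 0-5; default 0 (assumed here to mean log everything)
set "SEV=%~1"
if "%SEV%"=="" set "SEV=0"

:: 1. Intercept: answer message boxes automatically and log each one.
reg add "%SMI%" /v EnableDefaultReply /t REG_DWORD /d 1 /f >nul || goto :fail
reg add "%SMI%" /v EnableLogging      /t REG_DWORD /d 1 /f >nul || goto :fail
reg add "%SMI%" /v LogSeverity        /t REG_DWORD /d %SEV% /f >nul || goto :fail

:: 2. Event source so Event Viewer can render the entries. EventMessageFile
::    holds a path, so REG_EXPAND_SZ is used here (assumption: the slide's
::    REG_DWORD for this value is a transcription slip). %% keeps the
::    %SystemRoot% reference unexpanded in the registry.
reg add "%SRC%" /v TypesSupported   /t REG_DWORD     /d 7 /f >nul || goto :fail
reg add "%SRC%" /v EventMessageFile /t REG_EXPAND_SZ /d "%%SystemRoot%%\System32\User32.dll" /f >nul || goto :fail

echo SMI enabled: default reply on, logging on, severity %SEV%
reg query "%SMI%"

:: 3. Review what SMI has intercepted so far. eventquery.vbs ships with XP
::    Professional; it must be included in the XPe image (assumption).
if exist "%SystemRoot%\system32\eventquery.vbs" (
    cscript //nologo "%SystemRoot%\system32\eventquery.vbs" /l Application /fi "Source eq Error Instrument" /fo list
) else (
    echo eventquery.vbs not in image; review the Application log with Event Viewer
)
exit /b 0

:fail
echo reg add failed; run as Administrator
exit /b 1
```

Step 3 is the part to schedule: a device that answers every message box silently is only safe if someone reads the log, so the same query is what a monitoring or central-office job would run against the Application log on each device.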
Demo: Security/Operational (drive lockdown, key hook, dual shells)
Embedded Roadmap (2006 - 2008)
- XPe Feature Pack 2007: EEF improvements, componentisation approved
- XPe Feature Pack 2008: IE 7, WMP 11, .NET v3.0, RDP 6.0
- Windows Vista for Embedded Systems
- Next release (XPe & Vista): under investigation
Summary
- With customisation, Windows XP Embedded can be made to look like an appliance
- Windows XP Embedded supports enough flexibility that the look and feel is up to the developer
- Many choices to be made: security and management must be designed in up front
- My blog: blogs.msdn.com/davbaker
- Embedded developer: http://msdn.microsoft.com/embedded
- French Mobile & Embedded home: http://www.microsoft.com/france/msdn/mobilite/default.mspx
- Windows Embedded home: http://www.microsoft.com/windows/embedded
- XP Embedded evaluation: http://www.microsoft.com/downloads/details.aspx?FamilyID=dacd1722-256b-48c5-91c1-af6062340efc&DisplayLang=en
- XP Embedded Feature Pack 2007 evaluation: http://www.microsoft.com/downloads/details.aspx?FamilyID=9bdf1dea-a37e-4d25-83df-aabbaa78914f&DisplayLang=en
- The technical reference for IT Pros: technet.microsoft.com. TechNet Plus subscription: evaluation versions + 2 support incidents
- The technical reference for developers: msdn.microsoft.com. Visual Studio 2005 + MSDN Premium subscription
- Stay informed: an information portal, events, a personalised fortnightly newsletter
- Train: webcasts, technical articles, downloads, forums to exchange with your peers
- Benefit from services: training and certification curricula, technical support offers
Your potential, our passion (TM). © 2007 Microsoft France