Firmware binaries and where to store them

We have firmware, represented by binary files, stored on the hard drive,
which are loaded onto our chip (which resides on a PCI card) by an
unclassified WDM driver in Windows XP.

During development, we have just installed those files into
%SYSTEMROOT%\system32\ourfolder, but everyone on our team has access
administrative access to those directories. If a consumer installs our card
as an administrator and wants another user, without administrative privs, to
use the card, this is a problem, right?

In the DDK, under Still Image Devices...File System Access, I found a note
that a driver could use the "All Users" profile, and create a subdirectory
under the Application Data directory. Is this the best place to store my
binary firmware images?

When I install stuff and I want to keep record of it in the system registry,
should I put it in HKEY_LOCAL_MACHINE/SOFTWARE/MYFOLDER?

Thanks in advance

Ray
Wed Aug 03 12:20:23 CDT 2005

Umm, your kernel mode driver can access that directory regardless of
what the user's privileges are (at least assuming you don't do it in the
context of an IOCTL from a user-mode thread but instead do it from a
system worker thread).

Lou Rohan wrote:
> We have firmware, represented by binary files, stored on the hard drive,
> which are loaded onto our chip (which resides on a PCI card) by an
> unclassified WDM driver in Windows XP.
>
> During development, we have just installed those files into
> %SYSTEMROOT%\system32\ourfolder, but everyone on our team has access
> administrative access to those directories. If a consumer installs our card
> as an administrator and wants another user, without administrative privs, to
> use the card, this is a problem, right?
>
> In the DDK, under Still Image Devices...File System Access, I found a note
> that a driver could use the "All Users" profile, and create a subdirectory
> under the Application Data directory. Is this the best place to store my
> binary firmware images?
>
> When I install stuff and I want to keep record of it in the system registry,
> should I put it in HKEY_LOCAL_MACHINE/SOFTWARE/MYFOLDER?
>
> Thanks in advance


--
../ray\..

Norman
Wed Aug 03 23:15:57 CDT 2005

> During development, we have just installed those files into
> %SYSTEMROOT%\system32\ourfolder,

Page 150 of Walter Oney's book explains why you have to do exactly that, and
not just during development.

> If a consumer installs our card as an administrator and wants another
> user, without administrative privs, to use the card, this is a problem,
> right?

Permissions for a user to open your device are completely separate from
permissions for a driver to open a disk file. Ray Trent mentioned that
drivers executing in kernel mode have full permissions except when drivers
take efforts to avoid having those permissions. For security reasons you
might have reasons to undertake those efforts, but you probably wouldn't
want to restrict yourself from reading a file of firmware that you intend to
download to your device.

If you want to allow users to write firmware files for subsequent downloads
then you might set permissions on your "ourfolder" to allow writing by
users. There are safer but more complicated ways to go about this.

"Lou Rohan" <LouRohan@discussions.microsoft.com> wrote in message
news:79F6F1BC-7A90-4E7D-AE94-1B41A5D17C31@microsoft.com...
> We have firmware, represented by binary files, stored on the hard drive,
> which are loaded onto our chip (which resides on a PCI card) by an
> unclassified WDM driver in Windows XP.
>
> During development, we have just installed those files into
> %SYSTEMROOT%\system32\ourfolder, but everyone on our team has access
> administrative access to those directories. If a consumer installs our
> card
> as an administrator and wants another user, without administrative privs,
> to
> use the card, this is a problem, right?
>
> In the DDK, under Still Image Devices...File System Access, I found a note
> that a driver could use the "All Users" profile, and create a subdirectory
> under the Application Data directory. Is this the best place to store my
> binary firmware images?
>
> When I install stuff and I want to keep record of it in the system
> registry,
> should I put it in HKEY_LOCAL_MACHINE/SOFTWARE/MYFOLDER?
>
> Thanks in advance

Doron
Thu Aug 04 01:52:06 CDT 2005

a non admin user cannot install your driver in the first place unless it is
signed. if it is signed, include the fw file as a part of the package and
it will be automatically copied over.

d

--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.


"Norman Diamond" <ndiamond@community.nospam> wrote in message
news:uVGs9sKmFHA.708@TK2MSFTNGP09.phx.gbl...
>> During development, we have just installed those files into
>> %SYSTEMROOT%\system32\ourfolder,
>
> Page 150 of Walter Oney's book explains why you have to do exactly that,
> and not just during development.
>
>> If a consumer installs our card as an administrator and wants another
>> user, without administrative privs, to use the card, this is a problem,
>> right?
>
> Permissions for a user to open your device are completely separate from
> permissions for a driver to open a disk file. Ray Trent mentioned that
> drivers executing in kernel mode have full permissions except when drivers
> take efforts to avoid having those permissions. For security reasons you
> might have reasons to undertake those efforts, but you probably wouldn't
> want to restrict yourself from reading a file of firmware that you intend
> to download to your device.
>
> If you want to allow users to write firmware files for subsequent
> downloads then you might set permissions on your "ourfolder" to allow
> writing by users. There are safer but more complicated ways to go about
> this.
>
> "Lou Rohan" <LouRohan@discussions.microsoft.com> wrote in message
> news:79F6F1BC-7A90-4E7D-AE94-1B41A5D17C31@microsoft.com...
>> We have firmware, represented by binary files, stored on the hard drive,
>> which are loaded onto our chip (which resides on a PCI card) by an
>> unclassified WDM driver in Windows XP.
>>
>> During development, we have just installed those files into
>> %SYSTEMROOT%\system32\ourfolder, but everyone on our team has access
>> administrative access to those directories. If a consumer installs our
>> card
>> as an administrator and wants another user, without administrative privs,
>> to
>> use the card, this is a problem, right?
>>
>> In the DDK, under Still Image Devices...File System Access, I found a
>> note
>> that a driver could use the "All Users" profile, and create a
>> subdirectory
>> under the Application Data directory. Is this the best place to store my
>> binary firmware images?
>>
>> When I install stuff and I want to keep record of it in the system
>> registry,
>> should I put it in HKEY_LOCAL_MACHINE/SOFTWARE/MYFOLDER?
>>
>> Thanks in advance
>

Arkady
Thu Aug 04 03:03:48 CDT 2005

And the normal place for f/w is system32\drivers as driver itself
Arkady

"Doron Holan [MS]" <doronh@nospam.microsoft.com> wrote in message
news:uL8MIEMmFHA.572@TK2MSFTNGP15.phx.gbl...
>a non admin user cannot install your driver in the first place unless it is
>signed. if it is signed, include the fw file as a part of the package and
>it will be automatically copied over.
>
> d
>
> --
> Please do not send e-mail directly to this alias. this alias is for
> newsgroup purposes only.
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
> "Norman Diamond" <ndiamond@community.nospam> wrote in message
> news:uVGs9sKmFHA.708@TK2MSFTNGP09.phx.gbl...
>>> During development, we have just installed those files into
>>> %SYSTEMROOT%\system32\ourfolder,
>>
>> Page 150 of Walter Oney's book explains why you have to do exactly that,
>> and not just during development.
>>
>>> If a consumer installs our card as an administrator and wants another
>>> user, without administrative privs, to use the card, this is a problem,
>>> right?
>>
>> Permissions for a user to open your device are completely separate from
>> permissions for a driver to open a disk file. Ray Trent mentioned that
>> drivers executing in kernel mode have full permissions except when
>> drivers take efforts to avoid having those permissions. For security
>> reasons you might have reasons to undertake those efforts, but you
>> probably wouldn't want to restrict yourself from reading a file of
>> firmware that you intend to download to your device.
>>
>> If you want to allow users to write firmware files for subsequent
>> downloads then you might set permissions on your "ourfolder" to allow
>> writing by users. There are safer but more complicated ways to go about
>> this.
>>
>> "Lou Rohan" <LouRohan@discussions.microsoft.com> wrote in message
>> news:79F6F1BC-7A90-4E7D-AE94-1B41A5D17C31@microsoft.com...
>>> We have firmware, represented by binary files, stored on the hard drive,
>>> which are loaded onto our chip (which resides on a PCI card) by an
>>> unclassified WDM driver in Windows XP.
>>>
>>> During development, we have just installed those files into
>>> %SYSTEMROOT%\system32\ourfolder, but everyone on our team has access
>>> administrative access to those directories. If a consumer installs our
>>> card
>>> as an administrator and wants another user, without administrative
>>> privs, to
>>> use the card, this is a problem, right?
>>>
>>> In the DDK, under Still Image Devices...File System Access, I found a
>>> note
>>> that a driver could use the "All Users" profile, and create a
>>> subdirectory
>>> under the Application Data directory. Is this the best place to store
>>> my
>>> binary firmware images?
>>>
>>> When I install stuff and I want to keep record of it in the system
>>> registry,
>>> should I put it in HKEY_LOCAL_MACHINE/SOFTWARE/MYFOLDER?
>>>
>>> Thanks in advance
>>
>
>