Elab Driver

12/14/2021 by admin

Driver installation must use existing tools for online and offline installation, registering a driver through typical INF processing. For sample ELAM driver code, please see the following: https://github.com/Microsoft/Windows-driver-samples/tree/master/security/elam

AM Driver Installation

To ensure driver install compatibility, an ELAM driver advertises itself as a boot-start driver similar to all other boot-start drivers. The INF sets the start type to SERVICE_BOOT_START (0), which indicates that the driver should be loaded by the boot loader and initialized during kernel initialization. An ELAM Driver advertises its group as “Early-Launch”. The early launch behavior for drivers in this group will be implemented in Windows, as described in the next section.

The following is an example of the driver install section of an ELAM driver INF.

Because an AM driver does not own any devices, it is necessary to install the AM driver as a legacy driver, so that it is only added as a service in the registry. (If the AM driver is installed as a normal PnP driver, it will be added to the enum section of the registry and therefore will have a PDO reference, which will lead to unwanted behavior when unloading the driver.)

You also need to include a SignatureAttributes Section in the INF file for the ELAM driver.

Backup Driver Installation

To provide a recovery mechanism in the event that the ELAM driver is inadvertently corrupted, the ELAM installer also installs a copy of the driver in a backup location. This will allow WinRE to retrieve the clean copy and recover the installation.

The installer reads the backup file location from the BackupPath key stored in

The installer then places the backup copy in the folder specified in the regkey.

AM Driver Initialization

The Windows boot loader, Winload, loads all boot-start drivers and their dependent DLLs into memory prior to handoff to the Windows kernel. The boot-start drivers represent the device drivers that need to be initialized before the disk stack has been initialized. These drivers include, among others, the disk stack and volume manager, and file system driver and bus drivers for the operating system device.

AM Driver Callback Interface

The ELAM drivers use callbacks to provide the PnP manager with a description of every boot-start driver and dependent DLL, and an ELAM driver can classify every boot image as a known good binary, a known bad binary, or an unknown binary.

The default operating system policy is not to initialize known bad drivers and DLLs. Policy can be configured and is measured by Winload as part of boot attestation.

PnP uses policy and the classification provided by the AM driver to decide whether to initialize each boot image.

Registry Callbacks

The Early Launch drivers can use registry or boot driver callbacks to monitor and validate the configuration data used as input for each boot-start driver. The configuration data is stored in the System registry hive, which is loaded by Winload and is available at the time of boot driver initialization.


Any changes to the ELAM registry hive are discarded before the system boots. As a result, an ELAM driver should use standard Event Tracing for Windows (ETW) logging rather than writing to the registry.

These callbacks are valid through the lifetime of the ELAM driver and will be unregistered when the driver is unloaded. For more info, see:

Boot Driver Callbacks

Use IoRegisterBootDriverCallback and IoUnRegisterBootDriverCallback to register and unregister a BOOT_DRIVER_CALLBACK_FUNCTION.

This callback provides status updates from Windows to an ELAM driver, including when all boot-start drivers have been initialized and the callback facility is no longer functional.

Callback Type

The BDCB_CALLBACK_TYPE enumeration describes two types of callbacks:

  • Callbacks that provide status updates to an ELAM driver (BdCbStatusUpdate)
  • Callbacks used by the AM driver to classify boot-start drivers and dependent DLLs before initializing their images (BdCbInitializeImage)

The two callback types have unique context structures that provide additional information specific to the callback.

The context structure for the status update callback contains a single enumerated type describing the Windows callout.

The context structure for the initialize image callback is more complex, containing hash and certificate information for each loaded image. The structure additionally contains a field that is an output parameter where the AM driver stores the classification type for the driver.

An error returned from a status update callback is treated as a fatal error and leads to a system bug check. This provides an ELAM driver the ability to indicate when a state is reached outside of AM policy. For example, if an AM runtime driver was not loaded and initialized, the Early Launch driver can fail the prepare-to-unload callback to prevent Windows from entering a state without an AM driver loaded.

An image is treated as unknown when an error is returned from the initialize image callback. Unknown drivers are initialized or have their initialization skipped based on OS policy.

Malware Signatures

The malware signature data is determined by the AM ISV, but should include, at a minimum, an approved list of driver hashes. The signature data is stored in the registry in a new “Early Launch Drivers” hive under HKLM that is loaded by Winload. Each AM driver has a unique key in which to store their signature binary large object (BLOB). The registry path and key has the format:

Within the key, the vendor is free to define and use any of the values. There are three defined binary blob values that are measured by Measured Boot, and the vendor may use each:

  • Measured
  • Policy
  • Config

The ELAM hive is unloaded after its use by Early Launch Antimalware for performance. If a user mode service wants to update the signature data, it should mount the hive file from the file location \Windows\System32\config\ELAM. For example, you could generate a UUID, convert it to a string, and use that as a unique key into which to mount the hive. The storage and retrieval format of these data BLOBs is left up to the ISV, but the signature data must be signed so that the AM driver can verify the integrity of the data.

Verifying Malware Signatures

The method for verifying the integrity of the malware signature data is left up to each AM ISV. The CNG Cryptographic Primitive Functions are available to assist in verifying digital signatures and certificates on the malware signature data.

Malware Signature Failure

If the ELAM driver checks the integrity of the signature data, and that check fails, or if there is no signature data, the initialization of the ELAM driver still succeeds. In this case, for each boot driver the ELAM driver must return “unknown” for each initialization callback. Additionally, the ELAM driver should pass this information onto the runtime AM component once it has started.

Unloading the AM Driver

When the callback StatusType is BdCbStatusPrepareForUnload, this is an indication to the AM driver that all boot drivers have been initialized and that the AM driver should prepare to be unloaded. Before unloading, the early launch AM driver needs to deregister its callbacks. Deregistration cannot happen during a callback; rather, it has to happen in the DriverUnload function, which a driver can specify during DriverEntry.

To maintain continuity in malware protection and to ensure proper handoff, the runtime AM engine should be started prior to the early launch AM driver being unloaded. This means that the runtime AM engine should be a boot driver that is verified by the early launch AM driver.


The driver must meet the performance requirements defined in the following table:


| Scenario | Start Time | End Time | Upper Bound |
| --- | --- | --- | --- |
| Evaluate loaded boot critical driver before allowing it to initialize. This also includes status update callbacks. | Kernel calls back to antimalware driver to evaluate loaded boot critical driver. | Antimalware driver returns evaluation result. | |
| Evaluate all loaded boot critical drivers | Kernel calls back to antimalware driver to evaluate the first loaded boot critical driver. | Antimalware driver returns evaluation result for last boot critical driver. | 50 ms |
| Footprint (driver + configuration data in memory) | | | |




Initializing Drivers

Once the boot drivers are evaluated by the ELAM driver, the Kernel uses the classification returned by ELAM to decide whether to initialize the driver. This decision is dictated by policy and is stored here in the registry at:

This can be configured through Group Policy on a domain-joined client. An antimalware solution may want to expose this functionality to the end user in nonmanaged scenarios. The following values are defined for DriverLoadPolicy:

Boot Failures

If a boot driver is skipped due to the initialization policy, the Kernel continues to attempt to initialize the next boot driver in the list. This continues until either the drivers are all initialized, or the boot fails because a boot driver that was skipped was critical to the boot. If the crash occurs after the disk stack is started, then there is a crash dump, and it contains some information about the reason for the crash, including information about missing drivers. This can be used in WinRE to determine the cause of the failure and to attempt to remediate.
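
The classification and policy flow from "Malware Signature Failure" and "Initializing Drivers", modeled as portable user-mode C. This is an added example, not Microsoft's sample or WDK code: the type names, hash values and signature database are constructed for illustration, and the DriverLoadPolicy values are those Microsoft documents for this setting, which do not appear on this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode model only: hypothetical stand-in names, not the WDK's types. */
enum image_class { IMG_UNKNOWN, IMG_KNOWN_GOOD, IMG_KNOWN_BAD, IMG_KNOWN_BAD_CRITICAL };

/* DriverLoadPolicy values as documented by Microsoft (not listed on this page). */
enum load_policy {
    POLICY_GOOD_ONLY             = 0x0,
    POLICY_GOOD_UNKNOWN          = 0x1,
    POLICY_GOOD_UNKNOWN_BAD_CRIT = 0x3, /* documented default */
    POLICY_ALL                   = 0x7
};

#define HASH_LEN 32
struct sig_entry { uint8_t hash[HASH_LEN]; enum image_class verdict; };
struct sig_db {
    bool verified; /* outcome of the ISV's integrity check on the signature BLOB */
    const struct sig_entry *entries;
    size_t count;
};

/* Constructed sample data: placeholder hashes, not real driver hashes. */
static const struct sig_entry SAMPLE_ENTRIES[] = {
    { {0x11}, IMG_KNOWN_GOOD },
    { {0x22}, IMG_KNOWN_BAD },
    { {0x33}, IMG_KNOWN_BAD_CRITICAL },
};
static const struct sig_db DB_OK      = { true,  SAMPLE_ENTRIES, 3 };
static const struct sig_db DB_CORRUPT = { false, SAMPLE_ENTRIES, 3 };
static const uint8_t HASH_GOOD[HASH_LEN] = {0x11};
static const uint8_t HASH_BAD[HASH_LEN]  = {0x22};
static const uint8_t HASH_NEW[HASH_LEN]  = {0x44};

/* Compare two hashes without an early exit. */
static bool hash_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < HASH_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Initialize-image decision: without verified signature data every image is "unknown". */
enum image_class classify_image(const struct sig_db *db, const uint8_t *hash) {
    if (db == NULL || !db->verified || db->count == 0) return IMG_UNKNOWN;
    for (size_t i = 0; i < db->count; i++)
        if (hash_equal(db->entries[i].hash, hash)) return db->entries[i].verdict;
    return IMG_UNKNOWN;
}

/* Kernel side: does the policy allow an image with this classification to initialize? */
bool kernel_initializes(enum load_policy policy, enum image_class c) {
    switch (c) {
    case IMG_KNOWN_GOOD:         return true;
    case IMG_UNKNOWN:            return policy != POLICY_GOOD_ONLY;
    case IMG_KNOWN_BAD_CRITICAL: return policy == POLICY_GOOD_UNKNOWN_BAD_CRIT || policy == POLICY_ALL;
    case IMG_KNOWN_BAD:          return policy == POLICY_ALL;
    }
    return false;
}

int main(void) {
    const enum load_policy p = POLICY_GOOD_UNKNOWN_BAD_CRIT;
    printf("good, db ok:        %d\n", kernel_initializes(p, classify_image(&DB_OK, HASH_GOOD)));
    printf("bad, db ok:         %d\n", kernel_initializes(p, classify_image(&DB_OK, HASH_BAD)));
    printf("unlisted, db ok:    %d\n", kernel_initializes(p, classify_image(&DB_OK, HASH_NEW)));
    printf("bad, db unverified: %d\n", kernel_initializes(p, classify_image(&DB_CORRUPT, HASH_BAD)));
    return 0;
}
```

The last case shows why the ELAM driver should report a signature-data failure to the runtime AM component: under a policy that initializes unknown images, a hash that would otherwise have been blocked is allowed to initialize.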

ELAM and Measured Boot

If the ELAM driver detects a policy violation (a rootkit, for example), it should immediately call Tbsi_Revoke_Attestation to invalidate the PCRs that indicated that the system was in a good state. The function returns an error if there is a problem with measured boot, for example no TPM on the system.

Tbsi_Revoke_Attestation is callable from kernel mode. It extends PCR[12] by an unspecified value and increments the event counter in the TPM. Both actions are necessary, so the trust is broken in all quotes that are created from here forward. As a result, the Measured Boot logs will not reflect the current state of the TPM for the remainder of the time that the TPM is powered up, and remote systems will not be able to form trust in the security state of the system.

1.12 — (2020-05-11)
*fix issue of saving/loading file with special characters
*fix issue #226, double-click open dsl file on Windows

–for logic analyzer
*improve range settings in decoders
*add QSPI and MIPI DSI decoders
*merge enhancement of LPC decoder
*fix issue #300, time precision for csv export of decoder results
*fix out-of-order issue of multiple annotation rows in one decoder
*fix issue #306, VCD file export uses the wrong identifier codes

1.11 — (2020-04-09)
*improve the icons with svg format for better high DPI display
*fix out of screen issue when DPI scale >= 1.5 @ 1080P

–for logic analyzer
*fix type-c orientation issue for U3Pro16/U3Pro32
*fix decoder issues (enhance detection of i2s stop and dmx512 break)

–for oscilloscope
*improve the auto gain control during auto calibration for U2B100/U3P100
*fix issue of first trigger being ignored

1.10 — (2020-02-22)
*add support for DSCope U3P100 device (100M bandwidth/1G samplerate/USB3.0 oscilloscope)
*add support for DSLogic U3Pro32 device (32 channels/1G samplerate/USB3.0 logic analyzer)
*add support for DSCope U2B100 device (100M bandwidth/1G samplerate/USB2.0 oscilloscope)
*add support for DSLogic U3Pro16 device (16 channels/1G samplerate/USB3.0 logic analyzer)
*add display of device type (USB 2.0 / USB 3.0 / Demo / File)
*add version check for FPGA firmware
*improve the default file name when saving/exporting files
*fix other display and language issue

–for logic analyzer
*extend channel support for trigger up to 32 channels
*fix issue of ps/2 decoder (#239)
*fix issue of cec decoder (#235)
*fix ID issue when export results of decoder (#237)
*fix “not” logic not working in advanced trigger
*fix other display issues

–for oscilloscope
*improve wave shake issue when triggering on high frequency signals
*fix sampling point selection issue of downsampling
*add 20M bandwidth limitation for DSCope U2B100 / DSCope U3P100 devices
*improve synchronism between data acquisition and wave display
*fix wave display and measurement issue when change vdiv and offset after stop
*fix capture restart issue when change offset in roll mode
*fix issue of timebase of math channel can’t be changed when waiting trigger
*fix issue of offset can’t be changed when waiting trigger
*fix clear and flicker issue of auto measurements
*fix cursor and mouse measurements issue after change samplerate when waiting trigger
*fix trigger issue when toggle between different trigger source

–for data acquisition
*fix hardware offset setting issue
*fix mipmap issue of long time data at some case
*add cursor and mouse measurements

1.01 — (2019-09-15)
*fix issue #227 (firmware compatibility issue with certain hardware)

1.00 — (2019-09-09)
*add multi-language support and dynamic switch
*add two themes (dark/light) support and dynamic switch
*improve 4K/high DPI display support
*add close function for file type device
*add message tips when encounter file save errors
*fix file format of export file, like VCD
*fix other minor issues

–for logic analyzer
*add support for V3 version decode library
*add more decoders, the number of decoders comes up to 97
*improve options and speed for certain decoders
*fix load&store issue of some decode options
*fix wrong measure result at certain sample rate
*fix channel selection of stream mode
*fix filter issue above 100M sample rate
*fix decode error for long time capture
*fix progress display issue when set region decode
*improve measurement between edges in different channels

–for oscilloscope
*improve the auto measure function, support up to 20 measurements
*improve UI for auto measure
*implement x-y mode display for lissajous-figure
*implement Add/Sub/Mul/Div math channel
*add horizontal measure cursors
*improve measure of frequency, refer to current trigger level
*fix captured wave display issue when change horizontal resolution
*fix inconsistency issue when exporting csv file
*improve algorithm of frequency measure, especially for low frequency and special signals
*improve autoset function
*improve auto calibration function

–for data acquisition
*add default settings of Y-axis

0.99 (2018-05-30)
*add boundary for the main window
*fix the double border issue #130
*fix measure no update when change cursor in Rule area
*add sample duration setting instead of sample count
*improve save/load and export support
*fix other minor issues

–for logic analyzer
*add more decoders
*add edges distance measure between channels
*add RLE compress options

–for oscilloscope
*add DSCopeC20/DSCopeC20P devices support
*improve UI of channel settings
*improve autoset function

–for data acquisition
*add DAQ mode for DSCope serial devices

0.98 (2017-07-29)
*fix hardware initialization issue(always red led indicator) when power on
*improve move operations of cursors/label/trigger level, support both press-drag and select-move-release mode
*update the manual, and integrate into the menu of the software
*improve the content of ‘About’ menu, add ‘changelogs’ information
*firmware/HDL update

–for logic analyzer
*improve display scale of decoder contents under exception case
*fix display issue of progressbar of saving dsl file, when sample depth greater than 4G
*fix export issue when part of channels enabled
*fix pattern search issue.
*fix out of boundary issue of scroll bar, when sample depth greater than 8G

–for oscilloscope
*fix auto calibration issue
*improve noise processing method

0.97 (2017-06-02)
*fix file save fail issue
*fix window missing issue when disconnect external monitor
*fix crash issue when open illegal files
*improve graphics rendering and operations fluency
*fix window display issue: maximize/minimize/show/hide…etc

–for logic analyzer
*Enhance stream mode function to achieve [email protected] / [email protected] / [email protected] / [email protected]
*improve memory structure, extend sample depth to solve memory alloc fail issue
*resolve the coupling between channel data, unused channels don’t occupy memory space
*add stop options to support upload already captured data under buffer mode
*add save/load function for protocol settings
*add cursor-based edge statistics function
*add repetitive mode to support repeat trigger acquisition
*improve search function to support start position setting
*improve advanced trigger
*improve cursor measurement method, add 16 sets of measurement between cursors
*fix trigger issue when sample rate greater than 100MHz
*fix display issue of trigger position
*implement free combination of channels under stream mode
*improve file saving display window, and add cancel button
*fix partial decoding issue
*fix messy code issue when add protocol decoder
*improve the stability of protocol decoder
*add mapping function from graphic decode to list decode
*add mapping flag between graphic decode and list decode
*add channel height option for file device
*add auto snap to edge function when insert cursor

–for oscilloscope
*fix dsl file loading issue
*fix waveform delay display issue after trigger
*fix crash issue when enable/disable channels
*fix vertical position moving issue under stop state
*fix window background rendering issue

0.96 (2016-08-12)
*change color matching of UI
*fix memory leakage issues
*improve stability of usb transfer
*add new hardware support
*improve interaction of mouse operations
*improve stability of multi-thread operations
*change usb driver under windows system
*add path memory for file operations
*custom windows title of UI
*change path of setting files, avoid authority issues

–for logic analyzer
*add list viewer for results of protocol decoders
*add search function for protocol list viewer
*add file export for results of protocol decoders
*improve speed and memory usage of protocol decoders
*improve protocol decoders scripts (i2c, uart, spi already done)
*add start and end settings for protocol decoders
*improve serial trigger, add counter for serial value
*improve display and settings for protocol decoders
*add display of trigger time
*add multi-row search for protocol list viewer
*add trigger position and time for file save

–for oscilloscope
*add FFT function for signal analyzer
*add auto/trigger shift function
*improve zero adjustment program
*add manual zero adjustment
*add gain adjustment for each vdiv
*fix signal display issue when resize window
*fix crash issue when change measure settings
*fix run-without-display issue
*add trigger sensitivity setting
*add display of trigger status
*fix measure setting reset issue

0.95 (2015-12-14)
–for logic analyzer
*add RLE compress mode
*improve mode setting strategy, fix channel number
*add edge count function
*fix memory leakage when run protocol decoder
*add signal height setting, improve display issue
*fix crash issue when add group signal
*fix channel enable/disable issue
*fix channel display issue when load file input
*add cursor by mouse double-click
*fix other issues

–for oscilloscope
*add file export/load function
*fix wait time issue when trigger set
*improve display of signal measure
*add Vrms/Vmean/Vp-p measure
*fix setting issue when load session
*improve add/del of measure ruler
*fix other issues

0.94 (2015-06-29)
* add session load/store function
* add drag-and-drop effect in viewport window
* improve display effect of dock windows, add scroll bar
* fix other GUI issues

–for logic analyzer
* upgrade advance trigger counter from 16bit to 32bit
* add serial trigger function
* fix memory leakage issue when load *.dsl files
* fix delete group signal issue when no data captured

–for oscilloscope
* add measurement of width, period, frequency and duty cycle
* fix instant capture issue @ demo mode
* add trigger hold-off time function
* fix channels enable/disable issue
* fix data error issue of instant capture before normal capture
* fix trigger position issue when only one channel enabled
* fix trigger level can’t be changed issue when only one channel enabled

0.93 (2015-05-08)
* Upgrade to qt5 library
* Support stdc++11
* Improve measure function @ LA mode
* Add duty cycle measure @ LA mode
* Fix out of range issue @ LA mode
* Add export function, support csv/vcd/gnuplot/zip @ LA mode; and csv @ DSO mode
* Add x1/x10/x100 probe options @ DSO mode
* Add measure function @ DSO mode
* Add voltage display of trigger value @ DSO mode
* Fix wave disappear issue @ DSO mode
* Fix trigger issue @ DSO stream mode
* Fix data repeat when set trigger @ LA stream mode
* Keep channel settings when reload occurred @ LA mode
* Fix decoder issue when capture part of data @ LA mode
* Fix stack decoder add issue @ LA mode
* Fix other bugs

0.92 (2015-04-15)
* Add DSLogic Pro and DSCope support
* Add Stream mode to DSLogic & DSLogic Pro
* Support up to 1G samples @ LA mode
* Add zero adjustment @ Oscilloscope mode
* Support zero skew parameters restore
* Enhance stability
* Fix other bugs

0.4 (2014-09-24)
* Add protocol decoders (38) support
* Improve the hardware configuration under various platforms
* Add different thresholds support
* Add options for input filter under logic analyzer mode
* Add instant capture(trigger ignore) under logic analyzer mode
* Add detail capture status display under logic analyzer mode
* Add quick button for mode shift
* Redesign the GUI for oscilloscope
* Add flexible sample rate support under oscilloscope mode
* Fix trigger value setting issue
* Improve trigger method under oscilloscope mode
* Add shortcut keys for major operations
* Fix other bugs

0.3 (2014-06-29)
* Add DSLogic Oscilloscope module support.
* Fix data display issue when not all channels be enabled.
* Fix issue of data mirrored to other channels.
* Fix radiobutton/checkbox display issue under certain windows theme.
* Add new simple trigger type
* Fix bugs of trigger setting and detection
* Fix other minor issues.
* Clean up the git repository

0.2.1 (2014-05-08)
* Add wireless extension hardware support.
* Fix libusb_error_io issue on Linux when sample rate >= 100MHz.
* Fix channel enable/disable bug.
* Fix device options config issue.
* Fix some display issues of UI.

0.2.0 (2014-04-13)
* Add DSLogic hardware support.

0.1.0 (2013-12-15)
* Initial release.
