Early Launch Antimalware Testing Prerequisites

This section describes the tasks that you must complete before you test your Early Launch Anti-Malware (ELAM) driver by using the Windows Hardware Lab Kit (Windows HLK).

The ELAM software feature provides a Microsoft-supported mechanism for antimalware software to start before all other third-party components. The system first initializes antimalware drivers and allows these drivers to control the initialization of boot drivers, so that the system does not initialize unknown boot drivers. After the boot process has initialized the boot drivers and access to persistent storage is available efficiently, existing antimalware software may continue to block malware from executing.

For more information, see Firmware and Boot Environment.

Hardware requirements

The following hardware is required for testing:

  • Two test computers. These test computers must meet the Windows HLK prerequisites and must be included in the same computer pool. For more information, see Windows HLK Prerequisites.

Note

To certify your product for use on servers, the test computer must support four processors and a minimum of 1 GB of RAM. These system capabilities are required to test the Rebalance, D3 State, and Multiple Processor Group functionality of the device and driver. You do not need a computer that actually has more than 64 processors to test your device. Additionally, the server systems being used for device or driver testing must have Server Core installed prior to testing. For more information, see Windows Server Installation Options.

If you use a pool of test computers to test your product, at least one computer in the pool must contain four processors and a minimum of 1 GB of RAM. Additionally, that computer must contain the product that you want to test. As long as the driver is the same on all the computers in the pool, the system creates a schedule to run against all test computers.

For tests that do not include a driver to test, such as hard disk drive tests, the Windows HLK scheduler constrains the tests that validate the device's and driver's Rebalance, D3 State and Multiple Processor Groups functionality to run on the default test computer. You must manually configure this computer to have multiple processor groups. The default computer is the first test computer in the list. Test personnel must make sure that the first test computer in the list meets the minimum hardware requirements.

Note

Except for para-virtualization drivers (as defined by the WHCP Policies and Processes document), you may not use any form of virtualization when you test physical devices and their associated drivers for server certification or signature. Virtualization products do not support the underlying functionality that is required to pass the tests that relate to multiple processor groups, device power management, device PCI functionality, and other tests.

Note

Multiple Processor Groups Setting

You must set the value for the processor group size for Hardware Lab Kit testing of Windows Server 2008 R2 and later device drivers for certification. This is done by running bcdedit in an elevated command prompt window, using the /set option.

The commands for adding the group settings and restarting are as follows:

bcdedit.exe /set groupsize 2
bcdedit.exe /set groupaware on
shutdown.exe -r -t 0 -f

The commands for removing the group settings and rebooting are as follows:

bcdedit.exe /deletevalue groupsize
bcdedit.exe /deletevalue groupaware
shutdown.exe -r -t 0 -f

Note

Code Integrity Setting

The Virtualization Based Security feature (VBS) of Windows Server 2016 must be enabled using Server Manager first.

Once that has occurred, the following Registry key must be created and set:

HKLM\System\CurrentControlSet\Control\DeviceGuard
HypervisorEnforcedCodeIntegrity:REG_DWORD
0 or 1 (disabled, enabled)

Software requirements

The following software is required for testing:

  • The driver that you are testing.

    Warning

    Make sure that you install the product on the test computer before you install the Windows HLK Client.

  • The latest Windows HLK filters or updates.

Test computer configuration

If you are testing unsigned kernel mode drivers, choose one of the following options:

  • Attach a kernel debugger. In this case, the system does not verify or enforce driver signatures. Therefore, any driver can load even if the driver does not have a verified certificate or the driver is unsigned.

  • Create a self-signed certificate by using the makecert.exe file. The certificate must contain the 1.3.6.1.5.5.7.3.3 (codesigning) and 1.3.6.1.4.1.311.61.4.1 (early-launch) EKUs. Afterwards, disable Secure Boot (if enabled) or enable Secure Boot debugging, and put your computer in test mode by using the bcdedit /set testsigning on command. Test mode means that the system validates the signature and verifies EKUs, but the system does not verify the certificate chain.
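
The following added example, which is not part of the original documentation, is one way to confirm before a test run that the certificate used to sign a driver carries both EKUs listed above. The function names and the driver path are hypothetical.

```powershell
# Added example: check that a driver's signing certificate contains both EKUs
# that test mode verifies for an ELAM driver. Names and paths are hypothetical.

# EKU OIDs and labels exactly as given in the test computer configuration text.
$RequiredEkus = @{
    '1.3.6.1.5.5.7.3.3'      = 'codesigning'
    '1.3.6.1.4.1.311.61.4.1' = 'early-launch'
}

function Get-CertificateEkuOids {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Walk every Enhanced Key Usage extension and emit each OID as a string.
    $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
}

function Test-ElamSigningCertificate {
    param([Parameter(Mandatory)][string]$DriverPath)

    # A self-signed test certificate is not trusted, so the signature status is
    # not checked here; only the signer certificate's EKUs are inspected.
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    if (-not $sig.SignerCertificate) {
        throw "No Authenticode signature found on $DriverPath"
    }

    $present = @(Get-CertificateEkuOids -Certificate $sig.SignerCertificate)
    $missing = @($RequiredEkus.Keys | Where-Object { $present -notcontains $_ })

    [pscustomobject]@{
        Driver      = $DriverPath
        Subject     = $sig.SignerCertificate.Subject
        PresentEkus = $present
        MissingEkus = @($missing | ForEach-Object { "$_ ($($RequiredEkus[$_]))" })
        Ready       = ($missing.Count -eq 0)
    }
}

# Hypothetical driver path; replace with the driver that you are testing.
Test-ElamSigningCertificate -DriverPath 'C:\Drivers\SampleElam.sys'
```

A result with Ready set to False lists the missing EKUs, which means the certificate must be re-created with both EKUs and the driver signed again.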

Make sure that the test computer is in the ready state before you begin your testing. If a test requires parameters to be set before it is run, a dialog box will be displayed for that test. Review the specific test topic for more information.

Some Windows HLK tests require user intervention. When running tests for a submission, it is a best practice to run the automated tests in a block separately from manual tests. This prevents a manual test from interrupting completion of an automated test.