How OEMs implement Clean Boot on WM5


Posted by: Sue Loh (with help from Andrew Rogers)

I’ve seen this question fly by a few times, so I’m blogging it.  “Now that Windows Mobile 5 is persistent store based, how are OEMs supposed to implement a clean boot?”  The idea is to reset the registry, databases and all files to produce a “clean” device, as if it came straight out of the factory.

What happens is that when the file system driver manager (FSDMGR) mounts the drivers for the persistent store, it will call an OAL IOCTL to determine whether the partition needs to be formatted.  So OEMs must tell FSDMGR to call the IOCTL, and they must implement the IOCTL.  In more detail, OEMs should do the following:

  1. Implement IOCTL_HAL_QUERY_FORMAT_PARTITION (this might mean the OALIoCtlHalQueryFormatPartition function in %_WINCEROOT%\platform\*\src\kernel\oal\ioctl.c).  FSDMGR will call this IOCTL whenever it mounts a block driver that has the “CheckForFormat” registry value set.
  2. Implement a trigger to set the value passed by OALIoCtlHalQueryFormatPartition().  For example, some devices will clear the persistent store whenever the user presses a particular key-combination during boot.  How this key-combination is chosen and implemented is up to the OEM, I believe.
  3. Add “CheckForFormat” to the storage profile in the registry.

Older mechanisms like IOCTL_HAL_GET_HIVE_CLEAN_FLAG should not be used with Windows Mobile 5.  You don’t want to get into situations where the registry is cleaned but the rest of persistent storage is not.

Comments (8)

  1. zhangbing says:

    i have few questions.

    1) as i have set checkforformat =1 and i have implemented this ioctl, so it will do the clean boot allways. how can i make it conditional, so that user can choose when he wants clean boot

    2) if i wanted to do clean boot. shall i have to invoke reboot, so that this ioctl gets invoked, because IOCTL_HAL_QUERY_FORMAT_PARTITION ioctl is called by filesys.exe.

    Thanks,

    Zhangbing

  2. ce_base says:

    Hello Zhangbing,

    For your second question — yes, this IOCTL is called during boot, so the cleaning would have to involve a boot.  The answer to your first question is really, "whatever you want to do."

    Here is one idea: You could make a control-panel applet that the user goes to, to say that they want to reboot and wipe everything.  The applet would set some state that persists after the reboot, that can be easily read inside the OAL.  The IOCTL would read the state after the reboot, and tell the OS to clean-boot.  So, the user experience is to use the control-panel to invoke a clean boot.

    Another idea: You could have some code in your bootloader or your OAL that detects when a user presses a particular key-combination during boot, and uses that to set a flag which makes your IOCTL say that the OS should clean boot.  So the user experience is to turn off their device, then turn it back on again while holding certain keys down, to invoke a reboot.

    I think most OEMs choose the key-combination during boot.  It has the advantage that very little of the system needs to work in order to use it.  If something is so messed up that the device won’t boot or won’t show the control panel, then the control panel applet can’t help.

    Sue

  3. zhangbing says:

    Thanks Sue,

    It has cleared my doubt.

  4. Zhangbing says:

    Hi Sue,

    i have implemented IOCTL_HAL_CLEAN_HIVE_FLAG, and it is cleaning the user profiles which are stored in flash memory.so it is clearing the persistent storage also.

    after this i have implemented IOCTL_HAL_QUERY_FORMAT_PARTITION, But it is not being called by filesys.exe.

    in reg file i have added following entry :

    [HKEY_LOCAL_MACHINESystemStorageManagerProfilesFlashDiskTFAT]

      "CheckForFormat"=dword:1

    in memory.cfg.xml file, i have following entry :

    <USERSTORE ID="TFAT" STORAGE_ID="NAND" PART_TYPE="0X04"></USERSTORE>

    can you tell me, by implementing the ioctl_hal_clean_hive_flag, can we say i have done clean booting, if it clears user profiles.

    or

    we expect some other things also from clean booting.

    Thanks,

    Vishal Raj

  5. ce_base says:

    Hi Vishal,

    There is technically no file system named "TFAT" that the storage manager is aware of; TFAT volumes are configured as "FATFS" volumes. Try changing your registry key to:

    [HKEY_LOCAL_MACHINESystemStorageManagerProfilesFlashDiskFATFS]

     "CheckForFormat"=dword:1

    and see if you get the IOCTL.

    Regards,

    Andrew

  6. Jeremy says:

    Hi Sue,

    I am developing code for an existing WM5 platform (HP iPAQ hx2790), and our customers have a requirement for a software application that will return the device to factory standard (i.e. Clean Reset) without needing to perform the special clean reset key combination on the device.

    For our previous platform (HP iPAQ hx2750 running PPC2003SE), I could acheive the desired result with a hard reset by calling SetCleanRebootFlag(), followed by KernelIoControl(IOCTL_HAL_REBOOT, NULL, 0, NULL, 0, NULL).

    Is there any equivalent way of doing this in WM5? I would like to do this either using eVC++4 or Visual Studio 2005. I don’t think I can use Platform Builder because I don’t have a BSP etc (hope that’s the right terminology) for the iPAQ hx2790.

    Any tips are much appreciated…

    Cheers,

    Jeremy

  7. ce_base says:

    I’m sorry, but there is no equivalent.  :-(  Only OEMs can clean-boot.  It’s not a matter of having Platform Builder either, it’s a matter of implementing the OEM code on the device.  Something you can’t change.

    Sorry for the bad news,

    Sue

  8. Matthew says:

    In light of the MSFP for WM5, does the OEM-only nature change? One of the new features of the MSFP along with Exchange Server 2003 SP1 is the ability to command a remote zeroize of the deive. I read this to be a remotely commanded hard-reset. Is there now a way to accomplish the same locally? If not, I suspect that at a minimum the OEM had to provide the implementation of some function which is called in this special case, so then it would be a matter of determining how to call said function.