Getting your unprivileged drivers and services to work

Currently, you need a privileged certificate to get your driver or service to load at boot time, even on Pocket PC 2005 or on a one-tier Smartphone.

The reason for this inconsistency is that at early boot time, the device hasn't yet finished processing the configuration information. The security policies might still be queued to change, so the device must assume it is in the most secure configuration. So we assume we're in two-tier mode, meaning your driver will load as unprivileged if it's unsigned or signed with an unprivileged cert. Since device.exe and services.exe are privileged, they won't be able to load your binary.

But there is a workaround!

If you can delay the loading of your driver or service until the device has booted, then the security model will be totally initialized. This means your code will run as trusted, so it will load fine. One way to do that would be to put a program in the startup folder that loads your service/driver.

This workaround is only applicable on devices where your code will be able to run fully trusted (typical Pocket PC devices, or Smartphones configured as one-tier). To distribute a driver or service for a typical two-tier Smartphone, you will still need a real privileged development certificate.