On Windows 10 64-bit Build 1809 with VBS enabled, kernelbase.LoadEnclaveImageA() on a VBS enclave fails with error code ERROR_INVALID_IMAGE_HASH (0x241). The DLL being loaded is built with the linker flag /integritycheck and is signed with a test signing certificate using SignTool. The system on which this is being attempted has the BCD TestSigning ON. What other steps are required to load a DLL into a VBS enclave? //KernelDev
Asked
Active
Viewed 387 times
3
-
2This question is about Win32 API programming i.e. conditions for calling the API LoadEnclaveImage() successfully. – kerneldev Mar 03 '19 at 03:10
-
Could you add some code on how exactly you create the enclave? Did you tried to call IsEnclaveTypeSupported() on the enclave type? is the enclave type a VBS enclave type? – Neitsa Mar 04 '19 at 17:09
-
The enclave is a VBS enclave and IsEnclaveTypeSupported(ENCLAVE_TYPE_VBS) returns TRUE. The call sequence is OpenProcess(), CreateEnclave(ENCLAVE_TYPE_VBS), LoadEnclaveImage(). The Enclave size is 4MB. – kerneldev Mar 05 '19 at 05:09