Windows 7 adopts SLP 2.1 and verifies the digital signature of the product certificate with the SLIC public key that was loaded into memory from the BIOS in advance. If the verification fails, the certificate is considered invalid. The SLIC information in a machine's BIOS can be viewed with the EVEREST software.
I. Introduction to SLP technology
Microsoft introduced SLP (System Locked Pre-installation) technology starting with Windows XP to help activate OEM products. SLP is used only for OEM products and does not appear in retail or volume-licensing products.
Windows XP uses SLP version 1.0, which works by detecting whether the BIOS contains a specific SLP string set by the OEM hardware manufacturer. If it does, the software is considered legally licensed by the OEM and is activated. Otherwise, the user must enter the COA number supplied with the OEM hardware and activate the software over the network or by telephone. Because the principle is so simple, it was quickly cracked by people familiar with BIOS internals and the related software, and the same effect was achieved at will on non-OEM hardware, that is, DIY compatible machines. DMI editing software was widely used to add SLP strings to the DMI data area of the BIOS, which made Windows XP treat the machine as legally OEM-licensed and activate.
In Microsoft's newer Windows Vista operating system, SLP was upgraded to version 2.0. To address the shortcomings of 1.0, SLP 2.0 strengthens the verification: instead of checking a simple string, it verifies the SLP certificate, the SLP flag and hardware-related characteristics in the BIOS. SLP 2.0 adds a new table, SLIC, to the ACPI tables of the BIOS to store the SLP certificate public key (SLP public key) and the SLP authorization flag (SLP flag).
The specific verification process of SLP 2.0 technology is as follows:
1. If SLP product keys (SLP and CD keys used) are detected, the SLP verification process will be started.
2. Windows confirms that the OEM certificate it contains (imported) is signed by Microsoft. If an OEM certificate is detected, SLP verification will continue. If the OEM certificate is not detected, SLP verification will fail and the product needs to be activated.
3. The OEM certificate is compared with the OEM public key in the ACPI_SLIC BIOS table. If the OEM certificate matches the OEM public key in the BIOS, the SLP verification process will continue. If the OEM certificate does not match the OEM public key in the BIOS, SLP verification will fail and the product needs to be activated.
4. The ACPI_SLIC BIOS table also contains the SLP flag. The SLP flag is verified with the OEM public key. If it verifies, the SLP verification process will continue. Otherwise, SLP verification will fail and the product needs to be activated.
5. The SLP flag includes an OEMID string and an OEMTableID string, which are compared with the OEMID and OEMTableID of ACPI_RSDT and ACPI_XSDT. If one of them exactly matches the strings in the SLP flag, SLP passes verification. Otherwise, SLP verification will fail and the product needs to be activated.
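The comparison in step 5, together with the standard ACPI checksum rule, can be written as a small audit over raw table dumps. This is an added example, not code from the original article; it reads OEMID and OEMTableID from the standard ACPI table header rather than from inside the SLP flag, and `audit`, `make_table` and all sample values are constructed for illustration.

```python
import struct
from typing import Optional

# Standard 36-byte ACPI table header: signature, length, revision, checksum,
# OEMID, OEM Table ID, OEM revision, creator ID, creator revision.
ACPI_HEADER = struct.Struct("<4sIBB6s8sI4sI")

def parse_header(table: bytes) -> dict:
    """Decode the ACPI header and check the whole-table checksum."""
    if len(table) < ACPI_HEADER.size:
        raise ValueError("table shorter than an ACPI header")
    sig, length, _rev, _csum, oem_id, oem_table_id, *_ = ACPI_HEADER.unpack_from(table)
    if length < ACPI_HEADER.size or length > len(table):
        raise ValueError("length field inconsistent with data")
    return {
        "signature": sig.decode("ascii", "replace"),
        "ids": (oem_id, oem_table_id),
        # All bytes of a valid table sum to zero modulo 256.
        "checksum_ok": sum(table[:length]) % 256 == 0,
    }

def audit(slic: bytes, rsdt: bytes, xsdt: Optional[bytes] = None) -> list:
    """Return findings; an empty list means the headers are consistent."""
    slic_h = parse_header(slic)
    roots = [parse_header(t) for t in (rsdt, xsdt) if t is not None]
    findings = []
    if slic_h["signature"] != "SLIC":
        findings.append("first table is not SLIC")
    for h in [slic_h] + roots:
        if not h["checksum_ok"]:
            findings.append(f"{h['signature']}: bad checksum")
    # Step 5: RSDT or XSDT must carry exactly the same OEMID/OEMTableID.
    if not any(r["ids"] == slic_h["ids"] for r in roots):
        findings.append("OEMID/OEMTableID match neither RSDT nor XSDT")
    return findings

def make_table(sig: bytes, oem_id: bytes, oem_table_id: bytes, body: bytes = b"") -> bytes:
    """Build a constructed sample table with a valid checksum (test data only)."""
    size = ACPI_HEADER.size + len(body)
    raw = bytearray(ACPI_HEADER.pack(sig, size, 1, 0, oem_id, oem_table_id, 1, b"TEST", 1) + body)
    raw[9] = -sum(raw) % 256  # checksum byte sits at offset 9
    return bytes(raw)

# Constructed sample tables (placeholder body, not from any real machine).
SLIC = make_table(b"SLIC", b"VENDOR", b"VENDORTB", bytes(16))
RSDT_MATCH = make_table(b"RSDT", b"VENDOR", b"VENDORTB")
RSDT_OTHER = make_table(b"RSDT", b"BOARD1", b"BOARDTBL")
```

On Linux, raw table dumps for such an audit are exposed under /sys/firmware/acpi/tables/ and require root to read.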
II. The technical weakness of SLP
After reading the above introduction, you should have a preliminary understanding of SLP 2.0 verification. A DIY compatible computer has no ACPI_SLIC table in its BIOS, so it cannot pass SLP 2.0 verification. However, SLP 2.0 also has a weakness: the verification data can be obtained from OEM hardware, that is, brand-name machines of various makes, and transplanted to DIY compatible machines.
The SLP product key, OEM certificate, SLP certificate public key and SLP flag are all available to anyone who has purchased OEM hardware pre-installed with Windows Vista. The SLP product key and OEM certificate are usually stored on the Windows Vista system recovery disk. The SLP certificate public key and SLP flag are stored in the ACPI_SLIC table of the BIOS of the OEM hardware.
A DIY compatible computer fails SLP 2.0 verification mainly because its BIOS lacks the ACPI_SLIC table. Everything else can be obtained by extracting the relevant data from OEM hardware. So the most important step is to add SLP 2.0 support to the BIOS: without the BIOS source code, add an ACPI_SLIC table containing the SLP certificate public key and SLP flag. A true addition is difficult to achieve, so the method adopted is to replace an existing ACPI table that has little function. Although this may cause some problems, it is entirely sufficient for testing and technical demonstration.
In addition, SLP 2.0 verifies that the OEMID and OEMTableID strings in the SLP flag are consistent with the corresponding strings of ACPI_RSDT and ACPI_XSDT in the system BIOS. Therefore, the OEMID and OEMTableID of ACPI_RSDT and ACPI_XSDT in the BIOS of a compatible machine must be modified so that they match the strings in the SLP flag. From a technical point of view, this forced modification of OEMID and OEMTableID is non-standard and may cause problems. However, testing shows that it can be performed on most BIOSes without any obvious problems. To sum up, the technical weakness of SLP 2.0 is that a compatible computer can, by some means, have an ACPI_SLIC table containing specific data added to its BIOS and have the OEMID and OEMTableID of ACPI_RSDT modified to cheat SLP 2.0 verification, so that the hardware is taken to be legal OEM hardware and product activation becomes unnecessary.