It seems that Pocket PC OEMs have the choice to implement Pocket PC 2003 on
their device so that applications run either in user-mode (i.e. restricted)
or in kernel-mode (i.e. all privileges).
On Pocket PC 2000 and 2002, all applications always run in kernel-mode (i.e.
with all privileges), i.e. they can execute privileged instructions and
perform privileged system calls, such as
KernelIoControl(IOCTL_HAL_GET_DEVICEID, ...) to obtain the unique device ID.
Applications, when restricted to run in user-mode, cannot execute privileged
instructions or perform privileged system calls such as KernelIoControl().
This causes serious compatibility issues, i.e. many applications and games
designed for Pocket PC 2002 will not run on the Pocket PC 2003 devices that
restrict applications to run in user-mode only.
Of course, there are security issues involved, and in the case of Pocket PC
"Phone Edition", allowing applications to run in kernel-mode means that all
applications can access the entire system (and network) with no control.
This may be a problem. But security issues for regular Pocket PC do not
seem to be such a big issue.
Restricting Pocket PC 2003 to run applications in user-mode causes serious
compatibility issues and we have experienced the problem already!
On Pocket PC, PocketTV currently relies on some code that can only run in
kernel-mode, so it does not run on the Pocket PC 2003 devices that restrict
applications to run in user-mode. And yes, there are very good reasons for
us to use privileged instructions (and system calls). To give you only one:
There is no reliable system call in the Pocket PC that provides the Processor
ID (i.e. to determine if it is StrongARM, Xscale PXA 250, Xscale PXA 255
etc). We need this information (100% reliably, in order to determine if we
can run Xscale-optimized code or not), so we need to use a privileged
instruction to access the Processor ID. The Pocket PC system calls that
are supposed to return the processor type are almost never implemented
correctly by OEMs, so they are not usable
(KernelIoControl(IOCTL_PROCESSOR_INFORMATION, ...) and GetSystemInfo()).
On Smartphone 2002, applications run in user-mode unless they have a
credential (certificate) allowing them to run with a more elevated level of
trust. There is a very complicated system to deal with this. And this
creates problems (e.g. impossible to determine the processor type!!!).
Do we really need this on Pocket PC 2003 ?
There seems to be a lot of confusion among Pocket PC OEMs regarding how to
address this issue.
Can someone from MS comment on this SERIOUS issue ?
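For the processor-ID check the post above describes, here is an added example (editor's illustration, not PocketTV's code and not part of the original post) of what the privileged read actually is and how the value it returns is decoded: the ARM Main ID register (CP15 c0, c0, 0), whose field layout is ARM-defined. Assumptions: GCC inline-assembly syntax for the `mrc` instruction (with eVC the instruction would live in a separate ARMASM file); the concrete id/mask values in the match table are quoted from memory of public processor tables and must be checked against the DEC/Intel datasheets; on a non-ARM host the read is stubbed out and the classifier is exercised on constructed register values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ARM Main ID register (CP15 c0, c0, opcode2 0), the "Processor ID" of the
 * post.  ARM-defined layout: [31:24] implementer, [23:20] variant,
 * [19:16] architecture, [15:4] part number, [3:0] revision. */
#define MIDR_IMPLEMENTER(x) (((x) >> 24) & 0xffu)
#define MIDR_VARIANT(x)     (((x) >> 20) & 0x0fu)
#define MIDR_ARCH(x)        (((x) >> 16) & 0x0fu)
#define MIDR_PARTNUM(x)     (((x) >> 4)  & 0xfffu)
#define MIDR_REVISION(x)    ((x) & 0x0fu)

#define IMPL_DEC   0x44u   /* 'D': DEC StrongARM */
#define IMPL_INTEL 0x69u   /* 'i': Intel StrongARM / XScale */

typedef enum {
    CPU_UNKNOWN = 0,        /* could not read, or not a part we know */
    CPU_STRONGARM_SA1100,
    CPU_STRONGARM_SA1110,
    CPU_XSCALE_PXA250,
    CPU_XSCALE_PXA255,
    CPU_XSCALE_OTHER        /* Intel implementer, ARMv5 arch code, other part */
} cpu_kind;

/* (value, mask) match table, the convention ARM kernels use for their
 * processor tables.  ASSUMPTION: ids and masks quoted from memory of public
 * tables; verify against the DEC/Intel datasheets before shipping. */
static const struct {
    uint32_t id, mask;
    cpu_kind kind;
    const char *name;
} known_parts[] = {
    { 0x4401a110u, 0xfffffff0u, CPU_STRONGARM_SA1100, "StrongARM SA-1100" },
    { 0x6901b110u, 0xfffffff0u, CPU_STRONGARM_SA1110, "StrongARM SA-1110" },
    { 0x69052d00u, 0xfffffff0u, CPU_XSCALE_PXA255,    "XScale PXA255" },
    { 0x69052100u, 0xfffff7f0u, CPU_XSCALE_PXA250,    "XScale PXA250" },
};

/* Classify a raw MIDR value; the revision nibble is masked out so that all
 * silicon steppings of one part classify the same way. */
cpu_kind classify_midr(uint32_t midr, const char **name)
{
    size_t i;
    for (i = 0; i < sizeof known_parts / sizeof known_parts[0]; i++) {
        if ((midr & known_parts[i].mask) == known_parts[i].id) {
            if (name) *name = known_parts[i].name;
            return known_parts[i].kind;
        }
    }
    /* Unlisted Intel part reporting the ARMv5 architecture code. */
    if (MIDR_IMPLEMENTER(midr) == IMPL_INTEL && MIDR_ARCH(midr) == 5u) {
        if (name) *name = "XScale (unlisted part)";
        return CPU_XSCALE_OTHER;
    }
    if (name) *name = "unknown";
    return CPU_UNKNOWN;
}

/* The privileged read.  MRC p15 is only legal in a privileged mode; on a
 * Pocket PC 2003 device that runs applications in user mode it raises an
 * exception instead of returning a value (ASSUMPTION: the caller must then
 * catch that fault, e.g. with SEH, and treat the read as failed). */
#if defined(__arm__)
static int read_midr(uint32_t *out)
{
    uint32_t v;
    __asm__ volatile ("mrc p15, 0, %0, c0, c0, 0" : "=r" (v));
    *out = v;
    return 1;
}
#else
static int read_midr(uint32_t *out)  /* host build: no CP15 available */
{
    (void)out;
    return 0;
}
#endif

/* Only enable XScale-optimised code on a positively identified XScale;
 * an unreadable or unknown ID means the generic code path. */
int can_use_xscale_code(cpu_kind kind)
{
    return kind == CPU_XSCALE_PXA250 || kind == CPU_XSCALE_PXA255 ||
           kind == CPU_XSCALE_OTHER;
}

cpu_kind detect_cpu(const char **name)
{
    uint32_t midr;
    if (!read_midr(&midr)) {
        if (name) *name = "unknown (MIDR not readable)";
        return CPU_UNKNOWN;
    }
    return classify_midr(midr, name);
}

int main(void)
{
    /* Constructed sample values standing in for what MRC would return. */
    static const uint32_t samples[] = { 0x69052d00u, 0x69052105u,
                                        0x6901b110u, 0x41000000u };
    const char *name;
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        cpu_kind k = classify_midr(samples[i], &name);
        printf("%08x -> %s (xscale path: %s)\n", (unsigned)samples[i], name,
               can_use_xscale_code(k) ? "yes" : "no");
    }
    detect_cpu(&name);
    printf("live read: %s\n", name);
    return 0;
}
```

The design point is the failure path: when the `mrc` cannot be executed (user-mode device, or the fault is caught), `detect_cpu` returns `CPU_UNKNOWN` and the caller falls back to generic code, so the application still runs on a locked-down Pocket PC 2003 device instead of crashing at startup.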