On Wednesday, Microsoft announced the general availability of
the Windows Embedded 8 family:
- Windows Embedded 8 Standard, short name
Standard 8, is the componentized version of
Windows 8. Its use shortens development cycles and enables device
makers to create differentiated solutions for any needs.
- Windows Embedded 8 Pro, a full version of
Windows 8 but with dedicated Embedded market licensing.
- Windows Embedded 8 Industry, the new version
of Windows Embedded POSReady 7, a fixed platform solution
based on Windows 8 that provides all the capabilities needed by
retail devices (Point-of-Service - POS).
Windows Embedded 8 Standard and Windows Embedded 8
Pro are available immediately for OEMs to
build and ship solutions.
Windows Embedded 8 Industry, which targets retail
point-of-service (POS) solutions will be available the week
of April 1st.
More information on Windows Embedded 8 family is available at http://www.getwindowsembedded8.com,
at the
official Windows Embedded website and in the Windows
Embedded Newsroom. On Twitter: http://twitter.com/MSFTWEB by
using #getWE8.
Windows Standard 8 Embedded versus Standard
7
After the official announcement of the release of the new
family, let see what are the most significant innovations
introduced, in my opinion, by Standard 8 in
respect to its direct predecessor, Windows Embedded Standard 7
(WES7):
The catalog and the Modules
In Windows Embedded Standard 7 version (Standard
7), the elements that make up a build, were collected in a
file-system directory called "Distribution Share". From here, using
one of the tools for selecting components, ICE (=
Image Configuration Editor, later I will call it the
Configurator) or IBW (= Image
Builder Wizard, later I will call it the
installer), it was possible to create what was
called
Answer-file;
the list of answers to give when creating the build. In
Answer-
files there are stored the list of packages that
should be included in the build and all the configuration
parameters of each package. This architecture is not radically
changed, but in the new version there are some changes and new
features to take account of new technologies introduced by Windows
8.
In Windows Embedded 8 Standard (Standard 8) the
Windows 8 operating system has been "sliced" in
Modules that contain package and/or files that
make up a single "functionally complete" system unit. In other
words, the evolution that began in the transition from
"Components" in Windows
XPembedded to "Packages" in
Windows Embedded Standard 7 is continued
decreasing the "granularity" of the facts in favor of the stability
of the system.
In Standard 8, therefore,
Packages has been replaced by
Modules and the "Distribution Share" by the
"Catalog". Also the default location is changed from:
C:\Program Files (x86)\Windows Embedded Standard
7\DSSP1 for the "Distribution Share" in Standard 7
(SP1)
to
C:\Windows Embedded Catalog for
the"Catalog" in Standard 8
These changes were not only a reorganization of logistics, but a
structural one: many of the features scattered in the "Distribution
Share" packages were incorporated into the new Windows
Embedded Core Module, bringing it to a size of about 2GB.
Each system image must contain this module, that is added
automatically by both the Configurator and the
Installer. Each of the modules in the Catalog can
be independently installed: Microsoft decided to have about 50 sets
of functionality within the Windows Embedded Core
with 800 Modules of additional features
(Feature section) with about 500 possible configurations.
The number of Modules relating to driver fell from
1000 found in Standard 7 to 700 presents in
Standard 8. For Modules, as it
was for the Packages, the Configurator and the
Installer include in the build, on request, all
Modules "in dependence" (required) from those
entered by the user.
One of the new feature of Standard 8 is that
now the user can create new Modules, allowing to
extend his Catalog of all the elements that are
used in the image, thus obtaining a
Configuration-file that can be applied by the
Installer without further action, what is called
an "Unattended installation". This solution for building the system
increases the repeatability and reliability of the installation
because it eliminates human error, especially when you have to work
with multiple slightly different installations.
ELM (Embedded Lockdown Manager)
This new Standard 8 feature is an application
that, started on the target system, allows a number of
configurations that help the user to create a copy of "MASTER" full
image of all those features to "lock" and protect the image from
clumsy or unintentional interventions. Technically
ELM is an element, named
snap-in of MMC (Microsoft Management
Console), which is one of the Microsoft utility to configure the
system. Let's take a little hint of the features that can be
managed by ELM:
- Dialog Filter
This feature combines, in a new way, two filters already present
in Standard 7: the filter on the Pop-Up messages
(Message-Box Default Reply) and the filter on the windows
box (Dialog Box Filter). The operation workflow is based
on the interception of a specific window by the service that
manages this filter. The window (or message) is analyzed and, where
appropriate, intercepted before it is displayed and the action
chosen during configuration (for example: close the window) is
executed. An option added in Standard 8 is the
ability to define a white list, where the main application is
"protected" in this way and, if I have defined as "closing" the
default action, my application will be the only one not being
immediately closed, and in fact I'm protecting it against all the
others.
- Keyboard Filter
This feature had already been released just after the SP1 for
Standard 7 and allows you to configure the filters
on keys coming from the keyboard, to prevent unwanted sequences to
be delivered to the applications (e.g. CTRL-ALT-DEL, ALF-F4,
Ctrl-W, etc ...). Standard 8 adds this filter also
to the On Screen Keyboard (OSK), the one that appears when, having
no physical keyboard (e.g. on a touch-enabled screen), you tap on
an input field.
- Shell Launcher
This is a new feature and easily allows, via a graphical
interface, to replace the "system shell" (in desktop devices is the
Window Explorer process) by any application. In previous
versions this was achieved by acting on registry keys. In addition,
when choosing the application to promote as "shell", you can
determine what the system must do when the application terminates:
restart the application, restart the whole system, turn off the
device or "do nothing".
- Unified Write Filter
The UWF is a new write filter on the disks that is pretty much
the sum of the functions of the two filters EWF (Enhanced Write
Filter) and FBWF (File Based Write Filter) present in earlier
versions. In the UWF, you can configure: HORM (Hibernate/Once
Resume/Many), the exclusion list for files and folders, the size of
the overlay memory, etc.. (the subject is quite interesting and
huge and deserves a dedicated post!).
A very interesting feature of ELM is that it allows the export
of configurations to a file, that can then be loaded
automatically using PowerShell, on all devices on which you want
the same configuration.
Windows 8 Modern-UI
Because the operating system is, in fact, Windows
8, you can include in the build the "new shell", the one
with the new interface optimized for touch control. For the same
reason, we can provide to the user the "charms". These are the new
features that appear when we make certain "gesture" or simply bring
the mouse cursor to the corners of the video (for example, by
placing the cursor in the lower right opens to the left, a band
that contains the icons for the commands to search, share, control
and configuration).
The "new shell" of Windows 8 has a list of
tiles of various sizes and group organized to make immediate
launching of applications. In Windows 8 there is a
wide range of new applications using the new "Modern-UI" style; all
these new features are present in Standard 8 and
it adds the possibility of replacing the "new shell" with another
application, as we mentioned in the previous section.
"Windows 8" Application development
To develop "Modern-UI" applications is recommended, where
possible, to develop and to test them in Windows 8
and then insert them in the Standard 8 image when
you are already sure of proper operation. This procedure helps not
to be influenced by working in an embedded operating system which
may have limited hardware resources. All the features present in
Windows 8 are (or can be selectively added) in
Standard 8, so the success is almost guaranteed.
The term "almost" is required, because if an application checks to
be in execution on a specific operating system (e.g. Windows 8
Enterprise), it could detect to be in a "Windows Embedded 8
Standard" installation and then decide not to work.
More locking down features
In addition to ELM, which we have already made a mention, there
are more features that help us to protect our image from being
mishandled or involuntary modified:
Registry Filter
When we use one of the write filters on disk, automatically the
registry is write-protected. This is to avoid inconsistencies
between what is written on the disk and the corresponding keys in
the register. In some cases (e.g. the access token to a domain) it
is necessary that these registry writes survive after a system
reboot. Microsoft, provides the registry filter to manage these
scenarios, as already available in previous versions.
Gesture Filter
To "protect" our application from misuse you can introduce a
Gesture Filter to control "gesture" carried out by
touch or using the mouse cursor. You can disable one or more
functions related to the four sides and or to the four corners of
the screen, while leaving those related to multi-touch (zoom-in,
zoom-out, rotate, etc ...).
Development tools update
Here is a list, with a short description, of the principal tools
we use in this environment: some are completely new, some other
have been improved in Standard 8:
- Image Builder Wizard (IBW) - the Image Installer, which works
directly on the target device;
- Image Configuration Editor (ICE) - the Image Configurator for
the build, executed on a development PC;
- Target Analyzer Probe (TAP) - the Analyzer discover for
hardware devices present on target;
- Module Designer (MOD) - a tool to create and/or modify new
Modules;
- Catalog Manager (Catman.exe) - a tool to manage the
Catalog;
- Deployment Image Servicing and Management (DISM) - the Manager
of all the functionalities connected to Cloning, Servicing and
Managing a system image;
- DiskPart - the tool to manage the low-level structure of the
disk: partitions, volumes, ecc..;
- Dynamic Dependency Analyzer (DDA) - a tool to analyze
application dependencies: a help to answer to the question: which
Modules have I to include in my image to make the application
running correctly?
- Embedded Lockdown Manager (ELM) - the tool to manage the
LockDown features in a graphical interface;
- ImageX - the tool to manage the images after building (e.g. to
capture and apply for cloning).
Branding
The term "branding" refers to the set of modules that display
the Windows "Brand". In many embedded applications, the OEM prefers
NOT keep the Original Microsoft "Brand", but either delete it or
replace it with one of their own or that of a customer.
Here is the list, with a brief description, of the
Modules that allow the management of the
"brand":
- Unbranded Boot to suppress Windows 8 brand elements during the
device start up;
- Unbranded Screens to suppress Windows 8 brand elements when
the OS is loading;
- Custom Logon to suppress Windows 8 UI elements during the
logon and shutdown sequences of your device;
- Windows 8 Application Launcher to launch any application
as a shell instead of the standard Windows Explorer shell.
Security Enhancements
Standard 8, of course, takes advantage of all
the new features of Windows 8 and related to the
use of UEFI technology (Unified Extensible Firmware Interface).
This technology enables verification of the integrity of the
operating system before it is loaded and launched. It can guarantee
what goes under the name of "trusted boot". Combining, according to
their needs, all the other technologies related to security: ELAM
(Early Loading of Anti Malware), Bitlocker, AppLocker, etc. ... you
get a more reliable and secure device.
_________________________
With this brief overview I just wanted to give you a taste of
the new features of the Windows Embedded 8 family,
but a lot of events are close to be ready: posts, webinars,
seminars, courses and everything you need to obtain a complete and
in-depth information on the subject.
…. Stay tuned for more technical details and events that are
coming soon.
