Device.DevFund Requirements
Device.DevFund.CDA
Custom Driver Access for privileged application usage.
Related Requirements |
Device.DevFund.CDA.Application |
Device.DevFund.CDA.Application
Custom Driver Access
Target Feature |
Device.DevFund.CDA |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
If a device driver supports a privileged app performing Custom Driver Access, it must declare a restricted interface. By declaring a restricted interface, the following requirements must be met:
Assert that the device io control interfaces provided by this device driver are intended to be accessed by a privileged app running in app container accessing hardware functionality using CreateDeviceAccessInstance() and IDeviceIoControl() on Windows 8.
The restricted interface cannot be opened directly from an app container.
A device driver declares an interface is restricted by setting the DEVPKEY_DeviceInterface_Restricted property to true on that interface.
Additional Information
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Color
Related Requirements |
Device.DevFund.Color.DeviceColorProfilesInstall |
Device.DevFund.Color.DeviceColorProfilesInstall
Device that uses an ICC profile properly installs the profile and is compliant with the appropriate profile specification
Target Feature |
Device.DevFund.Color |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Devices that use a vendor-supplied International Color Consortium (ICC) profile or profiles must associate the profile or profiles with the device.Devices that create sRGB output can associate the sRGB Color Space Profile.icm profile (that is, the Windows default ICC profile) with the device. Devices that are sRGB-compliant are not required to provide an ICC profile.Note: For display monitors that are integrated into a system and are not required to support Plug and Play for their installed LCD display, the ICC profile must be installed manually by using an appropriate monitor information (INF) file. OEMs should install the correct configuration as part of the operating system pre-installation process. If necessary, the INF file will be available to the user for manual reinstallation. Mobile computers that have dual-scan supertwist nematic (DSTN) or reflective LCD displays do not require ICC profiles.Design Notes:By default, Windows supports devices that create sRGB output. Devices that use an output other than sRGB can use an INF file to install an ICC profile that is appropriate to the preferred display resolution, as identified in the extended display identification data (EDID), at 32 bits per pixel (bpp). For an LCD or other non-CRT display device, the profile should be based on the native display mode, or resolution and color depth, for which the display is designed.The ICM APIs and functionality are defined in the Microsoft Platform SDK and the Windows Driver Kit.
Additional Information
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.DriverFramework.AllDrivers
Driver framework requirements applicable to all drivers
Related Requirements |
Device.DevFund.DriverFramework.AllDrivers.WDFLoadGroup |
Device.DevFund.DriverFramework.AllDrivers.WDFLoadGroup
Only Windows Driver Framework (WDF) can use the WdfLoadGroup driver load order group
Target Feature |
Device.DevFund.DriverFramework.AllDrivers |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Only WDF (Wdf01000.sys) should use the WdfLoadGroup driver load order group. User-Mode Driver Framework (UMDF) and Kernel-Mode Driver Framework (KMDF) drivers should not use this driver load order group, because that prevents installation of WDF boot start drivers.
Additional Information
Enforcement Date |
Dec. 01, 2010 |
Device.DevFund.DriverFramework.KMDF
Driver framework requirements for KMDF
Related Requirements |
Device.DevFund.DriverFramework.KMDF.HandleDDIFailures Device.DevFund.DriverFramework.KMDF.Reliability Device.DevFund.DriverFramework.KMDF.WDFProperINF Device.DevFund.DriverFramework.KMDF.WDFRedistributables |
Device.DevFund.DriverFramework.KMDF.HandleDDIFailures
Kernel Mode Driver Framework (KMDF) drivers are designed to handle DDI failures gracefully
Target Feature |
Device.DevFund.DriverFramework.KMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Kernel Mode Driver Framework (KMDF) drivers must handle failure gracefully. When a device driver interface (DDI) returns an NTSTATUS code, the driver must check the return value before the driver proceeds.If a failure occurs, DDI out parameters should not be used. Use of these parameters will cause drivers to crash or stop responding. Use of these parameters will also lead to bug checks and other unreliable behavior. Design Notes:The WDFTester tool from the Windows Driver Kit (WDK) is used for fault injection on the DDIs during logo testing. This tool resides in the following location in the WDK:%wdk%\WDKVersionNumber\tools\wdf\wdftesterFor more information about the WDFTester tool, visit the following website:https://msdn.microsoft.com/library/ff556110.aspx The Device Disable Enable test, the Sleep test, and the Plug and Play test from WDK will be used according to the WDFTester tool. The DDIs that are called from the driver during these tests will be fault injected to return unsuccessful status codes. When a DDI returns an unsuccessful status code, out parameters of that DDI may also be assigned to NULL values. If a DDI failure occurs, out parameters should be used according to the documented behavior.
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.KMDF.Reliability
Kernel Mode Driver Framework (KMDF) drivers are architected to maximize reliability and stability and do not "leak" resources such as memory and KMDF objects
Target Feature |
Device.DevFund.DriverFramework.KMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Kernel-Mode Driver Framework (KMDF) drivers must use pool memory responsibly. Handles that the drivers pass to device driver interfaces (DDIs) must conform to the pattern of the parameter. The state of the drivers must be consistent with the use of WDFREQUEST objects and WDFQUEUE objects. Event callback functions that the driver registers must adhere to interrupt request level (IRQL) restrictions. Design Notes:For more information about developing drivers that meet this requirement, visit the following websites:https://msdn.microsoft.com/library/aa973499.aspx https://www.microsoft.com/whdc/driver/wdf/KMDF.mspx The following tools can be enabled to validate this requirement for all KMDF drivers:
Windows Driver Foundation (WDF) Verifier.
Handle tracking. Handle tracking will be enabled on all KMDF objects.
Enhanced Verifier for Framework 1.9 KMDF drivers. Enhanced Verifier is new for Framework 1.9. This tool can be enabled by using the EnhancedVerifierOptions registry value. To enable Enhanced Verifier, set the following registry values for the driver's Parameters\Wdf key:
HKLM\System\CurrentControlSet\Services\\Parameters\WdfEnhancedVerifierOptions REG_DWORD 1VerifierOn REG_DWORD 1TrackHandles MULTI_SZ *
Driver Verifier. To enable Driver Verifier, use the following command:
Verifier /flags 0xfb /driver This command will run the KMDF driver under Driver Verifier with all flags set except the Low Resource Simulation flag. For more information about Driver Verifier, visit the following website: https://msdn.microsoft.com/library/ff545448.aspx. In the Windows Hardware Certification Kit (Windows HCK), the WDF Test can be run to validate this requirement.
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.KMDF.WDFProperINF
Windows Driver Framework (WDF) driver INF files are properly structured
Target Feature |
Device.DevFund.DriverFramework.KMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
All information (INF) files in Windows Driver Foundation (WDF) driver packages must call WDF-specific sections properly. Correctly structured INF sections help ensure that the driver will be installed properly. However, even when a driver is installed, a poorly or wrongly configured section can cause unpredictable problems during the operation of the driver or device. These problems can be prevented by following the guidelines for WDF INF settings.To meet this requirement, all WDF INF files must have the following:
A coinstaller section, as follows:[DDInstall.Coinstallers]CopyFiles=AddReg=
A WDF section, as follows:
For Kernel-Mode Driver Framework (KMDF) drivers:[DDInstall.Wdf]KmdfService= <ServiceName>, <Kmdf_Install>[Kmdf_Install]KmdfLibraryVersion=For User-Mode Driver Framework (UMDF) drivers:[DDInstall.Wdf]UmdfService=<ServiceName>,<Umdf_Install>UmdfServiceOrder=UmdfDispatcher [Only for USB Drivers and Drivers with file handle I/O targets]=UmdfImpersonationLevel[optional]=[Umdf_Install]UmdfLibraryVersion=DriverCLSID=ServiceBinary=
All UMDF driver INF files must have a WUDFRD service installation section, as follows:
[WUDFRD_ServiceInstall]DisplayName = "Windows Driver Foundation - User-mode Driver FrameworkReflector"ServiceType = 1StartType = 3ErrorControl = 1ServiceBinary = %12%\WUDFRd.sysLoadOrderGroup = Base
All WDF drivers that use a WinUSB driver must have the following service installation settings:
[WinUsb_ServiceInstall]DisplayName = "WinUSB Driver"ServiceType = 1StartType = 3ErrorControl = 1ServiceBinary = %12%\WinUSB.sys
Service names, hardware IDs (HWIDs), display names, and UMDF class identifiers (CLSIDs) cannot be pasted from WDF samples.
Design Notes:For more information about WDF-specific INF settings, visit the following websites:https://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx https://msdn.microsoft.com/library/ff560526.aspx https://msdn.microsoft.com/library/ff560526.aspx
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.KMDF.WDFRedistributables
Windows Driver Framework (WDF) drivers are packaged to contain the RTM free versions of redistributables
Target Feature |
Device.DevFund.DriverFramework.KMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64 Windows 8.1 Client x86, x64 Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
All Windows Driver Framework (WDF) drivers that are submitted for a logo or signature through the Windows Hardware Certification Kit (Windows HCK) must meet the following guidelines for packaging redistributables, or co-installers:
All WDF drivers, for all versions of the WDF, for all operating systems can be submitted for a logo or signature.
Redistributables that are included in the driver package must be the release to manufacturing (RTM) fre version of the redistributables. Some WDF version 1.7 coinstallers that were available on the Microsoft Connect website caused serious installation problems. Microsoft has removed these coinstallers from Connect and replaced them with fixed coinstallers. The problematic WDF coinstallers were version 1.7.6001.0. The fixed coinstallers are version 1.7.6001.18000. For logo submissions, drivers should use the version 1.7.6001.18000 co-installers.
Kernel-Mode Driver Framework (KMDF) has coinstallers for versions 1.0, 1.1, 1.5, 1.7, 1.9 and 1.11. You can use all of these coinstallers for certification submissions, provided that you use the RTM fre versions. User-Mode Driver Framework (UMDF) has coinstallers for versions 1.5, 1.7, 1.9 and 1.11. You can use all of these coinstallers in your driver package, provided that you use the RTM fre versions.WDF version 1.11 coinstallers that are released via Microsoft Connect have the most enhanced version of the framework. We advise partners to use the latest version of the framework to develop and distribute WDF drivers.Design Notes:WDF version 1.11 drivers can install the frameworks using an MSU update package instead of using the 1.11 coinstallers. If WDF version 1.11 drivers use the MSU install package then KMDF drivers don't use a co-installer, but WDF version 1.11 UMDF drivers still reference the inbox co-installer named WudfCoinstaller.dll. WudfCoinstaller.dll is inbox to Windows 8, and UMDF drivers aren't packaged with it, only the INF file should reference this co-installer.WDF 1.11 is inbox to Windows 8, so before Windows 8 RTM WDF 1.11 drivers can be logo'ed for Windows 8 if the driver installs without referring to the 1.11 coinstaller from its INF file. But UMDF driver must still reference the inbox coinstaller wudfcoinstaller.dll, for more information regarding WDF driver installation without a coinstaller please visit the following link:https://blogs.msdn.com/b/iliast/archive/2009/08/13/wdf-logo-requirements-regarding-coinstallers.aspx The WDF 1.11 coinstallers and the MSU package are distributed via Microsoft Connect. Partners who want to have driver packages signed for down-level operating systems prior to WDF 1.11 RTM should use the WDF 1.9 RTM co-installers. For more information about WDF driver installation, visit the following website: https://msdn.microsoft.com/library/ff544213.aspx
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.UMDF
Driver framework requirements for UMDF
Related Requirements |
Device.DevFund.DriverFramework.UMDF.Reliability Device.DevFund.DriverFramework.UMDF.WDFProperINF Device.DevFund.DriverFramework.UMDF.WDFRedistributables |
Device.DevFund.DriverFramework.UMDF.Reliability
User Mode Driver Framework (UMDF) drivers must be secure, stable, reliable and not have application compatibility issues.
Target Feature |
Device.DevFund.DriverFramework.UMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
To help ensure that all User-Mode Driver Framework (UMDF) drivers meet security standards, are stable and reliable, and do not have application compatibility issues, drivers must not have any object leaks. Object leaks can be diagnosed by enabling object tracking. If a memory leak occurs, set the Reference Count Tracking setting to "On." This setting logs the history for "add of reference" and "release of reference" counts.These features can be set to "On" by using the following registry values:HKLM\Software\Microsoft\WindowsNT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}TrackObjects REG_DWORD 1TrackRefCounts REG_DWORD 1UMDF drivers must also meet the following requirements:
The drivers must not attempt to use invalid handles.
The drivers must use critical sections and file locks properly. The primary purpose of the locks test is to help ensure that the application properly uses critical sections.
The drivers must not cause heap memory corruption.
The drivers must correctly use virtual address space manipulation functions, such as VirtualAlloc, VirtualFree, and MapViewOfFile.
The drivers must not hide access violations by using structured exception handling.
The drivers must correctly use thread local storage functions.
The drivers must use COM correctly.
Partners can verify that the drivers meet these requirement by enabling Microsoft Application Verifier's handles, locks, heaps, memory, exceptions, and Transport Layer Security (TLS) settings for the UMDF host process (that is, WUDFHost.exe) during driver development and testing. For more information, see the Developing Drivers with the Windows Driver Foundation book at the following website: https://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx Design Notes:Application Verifier will help check UMDF drivers extensively to help ensure stable and reliable drivers.For all UMDF drivers, Application Verifier will be enabled when driver reliability tests are executed.Application Verifier can be downloaded from the following Microsoft website: https://www.microsoft.com/downloads/en/details.aspx?FamilyID=c4a25ab9-649d-4a1b-b4a7-c9d8b095df18 To enable Application Verifier for WUDFHost.exe, run the following command:appverif -enable handles locks heaps memory COM exceptions TLS -for WUDFHost.exeFor more information about UMDF, visit the following website: https://www.microsoft.com/whdc/driver/wdf/UMDF.mspx
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.UMDF.WDFProperINF
Windows Driver Framework (WDF) driver INF files are properly structured
Target Feature |
Device.DevFund.DriverFramework.UMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
All information (INF) files in Windows Driver Foundation (WDF) driver packages must call WDF-specific sections properly. Correctly structured INF sections help ensure that the driver will be installed properly. However, even when a driver is installed, a poorly or wrongly configured section can cause unpredictable problems during the operation of the driver or device. These problems can be prevented by following the guidelines for WDF INF settings.To meet this requirement, all WDF INF files must have the following:
A coinstaller section, as follows:
[DDInstall.Coinstallers]CopyFiles=AddReg=
A WDF section, as follows:
For Kernel-Mode Driver Framework (KMDF) drivers:[DDInstall.Wdf]KmdfService= <ServiceName>, <Kmdf_Install>[Kmdf_Install]KmdfLibraryVersion=For User-Mode Driver Framework (UMDF) drivers:[DDInstall.Wdf]UmdfService=<ServiceName>,<Umdf_Install>UmdfServiceOrder=UmdfDispatcher [Only for USB Drivers and Drivers with file handle I/O targets]=UmdfImpersonationLevel[optional]=[Umdf_Install]UmdfLibraryVersion=DriverCLSID=ServiceBinary=
All UMDF driver INF files must have a WUDFRD service installation section, as follows:
[WUDFRD_ServiceInstall]DisplayName = "Windows Driver Foundation - User-mode Driver FrameworkReflector"ServiceType = 1StartType = 3ErrorControl = 1ServiceBinary = %12%\WUDFRd.sysLoadOrderGroup = Base
All WDF drivers that use a WinUSB driver must have the following service installation settings:
[WinUsb_ServiceInstall]DisplayName = "WinUSB Driver"ServiceType = 1StartType = 3ErrorControl = 1ServiceBinary = %12%\WinUSB.sys
Service names, hardware IDs (HWIDs), display names, and UMDF class identifiers (CLSIDs) cannot be pasted from WDF samples.
Design Notes:For more information about WDF-specific INF settings, visit the following websites:https://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx https://msdn.microsoft.com/library/ff560526.aspx https://msdn.microsoft.com/library/ff560526.aspx
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.DriverFramework.UMDF.WDFRedistributables
Windows Driver Framework (WDF) drivers are packaged to contain the RTM free versions of redistributables
Target Feature |
Device.DevFund.DriverFramework.UMDF |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64 Windows 8.1 Client x86, x64 Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
All Windows Driver Framework (WDF) drivers that are submitted for a logo or signature through the Windows HCK must meet the following guidelines for packaging redistributables, or co-installers:
All WDF drivers, for all versions of the WDF, for all operating systems can be submitted for a logo or signature.
Redistributables that are included in the driver package must be the release to manufacturing (RTM) fre version of the redistributables. Some WDF version 1.7 coinstallers that were available on the Microsoft Connect website caused serious installation problems. Microsoft has removed these coinstallers from Connect and replaced them with fixed coinstallers. The problematic WDF coinstallers were version 1.7.6001.0. The fixed coinstallers are version 1.7.6001.18000. For logo submissions, drivers should use the version 1.7.6001.18000 co-installers.
Kernel-Mode Driver Framework (KMDF) has coinstallers for versions 1.0, 1.1, 1.5, 1.7, 1.9 and 1.11. You can use all of these coinstallers for certification submissions, provided that you use the RTM fre versions. User-Mode Driver Framework (UMDF) has coinstallers for versions 1.5, 1.7, 1.9 and 1.11. You can use all of these coinstallers in your driver package, provided that you use the RTM fre versions.WDF version 1.11 coinstallers that are released via Microsoft Connect have the most enhanced version of the framework. We advise partners to use the latest version of the framework to develop and distribute WDF drivers.Design Notes:WDF version 1.11 drivers can install the frameworks using an MSU update package instead of using the 1.11 coinstallers. If WDF version 1.11 drivers use the MSU install package then KMDF drivers don't use a co-installer, but WDF version 1.11 UMDF drivers still reference the inbox co-installer named WudfCoinstaller.dll. WudfCoinstaller.dll is inbox to Windows 8, and UMDF drivers aren't packaged with it, only the INF file should reference this co-installer.WDF 1.11 is inbox to Windows 8, so before Windows 8 RTM WDF 1.11 drivers can be logo'ed for Windows 8 if the driver installs without referring to the 1.11 coinstaller from its INF file. But UMDF driver must still reference the inbox coinstaller wudfcoinstaller.dll, for more information regarding WDF driver installation without a coinstaller please visit the following link:https://blogs.msdn.com/b/iliast/archive/2009/08/13/wdf-logo-requirements-regarding-coinstallers.aspx The WDF 1.11 coinstallers and the MSU package are distributed via Microsoft Connect. Partners who want to have driver packages signed for down-level operating systems prior to WDF 1.11 RTM should use the WDF 1.9 RTM co-installers. For more information about WDF driver installation, visit the following website: https://msdn.microsoft.com/library/ff544213.aspx
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.Firmware
Driver package requirements for firmware update package
Related Requirements |
Device.DevFund.Firmware.UpdateDriverPackage |
Device.DevFund.Firmware.UpdateDriverPackage
These requirements apply to any firmware update driver package that is submitted to MS for approval and signing.
Target Feature |
Device.DevFund.Firmware |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
In addition to standard driver requirements, the following requirements apply to firmware update driver package:
A firmware package must payload the update for only one resource.
A firmware package must be configurable (see Device.DevFund.INF.* for more details).
After a successful firmware upgrade, the firmware version in the .INF file of the driver package, the resource version (in ESRE), and the last attempted version (in ESRE) for that resource must match.
The name of the binary file in the firmware package must not conflict with any of the previous firmware versions.
A successful firmware upgrade must not reduce or eliminate functionality of any devices in the system.
Additional Information
Enforcement Date |
Mar. 01, 2012 |
Device.DevFund.HALExtension
HAL requirements for HAL Extensions
Related Requirements |
Device.DevFund.HALExtension.HAL Device.DevFund.HALExtension.HALSignatureAttributes |
Device.DevFund.HALExtension.HAL
These requirements apply to HAL Extensions that is submitted to MS for approval and signing.
Target Feature |
Device.DevFund.HALExtension |
Applies to |
Windows 8 Client ARM (Windows RT) Windows 8.1 Client ARM (Windows RT 8.1) |
Description
In addition to standard driver requirements, the following requirements apply to HAL
HAL Extension should work with system HAL seamlessly .
HAL Extension should be signed correctly.
Additional Information
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.HALExtension.HALSignatureAttributes
Requirement for SignatureAttribute section in HAL Extension INF files
Target Feature |
Device.DevFund.HALExtension |
Applies to |
Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) |
Description
HAL Extensions must to be signed with a special signature as part of submission/validation process. The process of determining what signature each module needs is being standardized, each INF file now must include a SignatureAttributes section uniquely identifying what type of signature is applicable for the associated driver binaries. Adding this section to existing inf files is a very simple process.
An example follows:
[SignatureAttributes]HalExtension.dll = SignatureAttributes.HalExt[SignatureAttributes.HalExt]HalExt=true
Additional Information
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.INF
INF restictions
Related Requirements |
Device.DevFund.INF.AddReg Device.DevFund.INF.AddService Device.DevFund.INF.ClassInstall32 Device.DevFund.INF.ComplexDeviceMatching Device.DevFund.INF.DDInstall.CoInstallers Device.DevFund.INF.DeviceConfigOnly Device.DevFund.INF.DeviceResourceConfig Device.DevFund.INF.FileCopyRestriction Device.DevFund.INF.FileOrRegistryModification Device.DevFund.INF.InstallManagement Device.DevFund.INF.LegacySyntax Device.DevFund.INF.TargetOSVersion |
Device.DevFund.INF.AddReg
When using an AddReg directive, each AddReg entry must specify HKR as the registry root
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
HKR (meaning "relative root") is the only registry root identifier that can be referenced in an AddReg section in an INF file. Other root identifiers, including HKCR, HKCU, HKLM and HKU, are restricted from use in an AddReg section. The AddReg directive is intended to be used for device installation and configuration purposes only.Exceptions:Note that there are some exceptions to this requirement to accommodate the registration of Component Object Model (COM) objects and Media Foundation Transforms (MFT) using the AddReg directive. Refer to the Design Notes section of this requirement for additional details.Design Notes:All registry keys declared in an AddReg section of an INF file must use the relative root identifier (HKR) as the registry root value, unless an explicit exception exists as outlined in this requirement.The following example shows the registration of a COM object using AddReg directives. Building on this example it is possible to customize all of the object's parameters:[COMobj.AddReg]HKCR,CLSID\{<CLSID>},,,"<MFT DLL description>"HKCR,CLSID\{<CLSID>}\InprocServer32,,%REG_EXPAND_SZ%,"%%SystemRoot%%\System32\mftxyz.dll"HKCR,CLSID\{<CLSID>}\InprocServer32,ThreadingModel,,"Both"A complete list of COM registry entries with details on their use can be found in the MSDN at https://msdn.microsoft.com/library/ms694355(v=vs.85).aspx.The following example shows the registration of an MFT filter using AddReg directives:[MFT.AddReg]HKCR,CLSID\{<CLSID>},,,"<MFT DLL description>"HKCR,CLSID\{<CLSID>}\InprocServer32,,%REG_EXPAND_SZ%,"%%SystemRoot%%\System32\mftxyz.dll"HKCR,CLSID\{<CLSID>}\InprocServer32,ThreadingModel,,"Both"HKCR,MediaFoundation\Transforms\<CLSID>,InputTypes,%REG_BINARY%,76,45,87,2d,5e,23,...HKCR,MediaFoundation\Transforms\<CLSID>,OutputTypes,%REG_BINARY%,22,5e,23,46,43,10,...HKCR,MediaFoundation\Transforms\<CLSID>,,%REG_SZ%,"MFT Friendly Name"HKCR,MediaFoundation\Transforms\<CLSID>,MFTFlags,%REG_DWORD%, 0x00000004HKCR,MediaFoundation\Transforms\<CLSID>,Attributes,REG_BINARY%, 41,46,4d,HKCR,MediaFoundation\Transforms\Categories\<MFTCategoryGUID>\<CLSID>HKLM,SOFTWARE\Microsoft\Windows Media Foundation\ByteStreamHandlers\audio/xyz,<CLSID>,,"XYZ Stream Handler"Additionally, when registering a DECODE or ENCODE HMFT, the one of the following registry keys must also be set:DECODE HMFTHKLM,SOFTWARE\Microsoft\Windows Media Foundation\HardwareMFT,EnableDecoders, %REG_DWORD%, 1ENCODE HMFTHKLM,SOFTWARE\Microsoft\Windows Media Foundation\HardwareMFT,EnableEncoders, %REG_DWORD%, 1More details on MFTs can be found in the MSDN at https://msdn.microsoft.com/library/windows/desktop/ms703138(v=vs.85).aspx.
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. Note that there are some exceptions to this requirement to accommodate the registration of Component Object Model (COM) objects and Media Foundation Transforms (MFT) using the AddReg directive. Refer to the Design Notes section of this requirement for additional details. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.AddService
INF files can only install driver-related services
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
An INF AddService directive can only reference services that are driver related. Services that are not driver related, such as a Microsoft Win32 service, cannot be referenced or installed using an INF file.Design Notes:An INF AddService directive service-install-section may only specify a ServiceType type-code of the following:
SERVICE_DRIVER
SERVICE_KERNEL_DRIVER
SERVICE_FILE_SYSTEM_DRIVER
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.ClassInstall32
INF files must not define a custom class installer within a ClassInstall32 section
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
An INF file may not specify a custom class installer within a ClassInstall32 section. Therefore, a driver package cannot execute a custom class installer during device installation.Design Notes:Developers should use one of the existing inbox device setup classes for their device. If it is necessary to define a new device setup class, the new setup class cannot employ a class installer as part of the device installation process. The following example shows an INF ClassInstall32 section which defines a custom class installer and therefore fails this requirement.[ClassInstall32.ntx86] ; Declare a ClassInstall32 section for the x86 ; architectureAddReg=SetupClassAddReg ; Reference to the ClassInstall32 AddReg section; Place additional class specific directives here[SetupClassAddReg] ; Declare a class specific AddReg section; Device class specific AddReg entries appear here; The next line defines the class installer that will be executed when; installing devices of this device-class type. Defining a registry entry; of this type is no longer supported and the driver package fails to meet; this device fundamental requirement.[HKR,,Installer32,,"class-installer.dll,class-entry-point"]
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.ComplexDeviceMatching
INF directives related to complex device matching logic are not supported
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
INF files will not support complex device matching logic. Specifically, the capability to specify a DeviceID for a device which should not be installed, when a matching HardwareID or CompatibleID exists in the DDInstall section, will not be supported.Design Notes:The following INF directive may not be referenced in an INF file:
ExcludeID
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.DDInstall.CoInstallers
INF files must not reference any co-installers within a DDInstall.CoInstallers section
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
An INF file may not reference any co-installers within a DDInstall.CoInstallers section. Therefore, a driver package cannot execute any co-installers during device installation.Design Notes:Execution of co-installers is prohibited during device installation. The following examples show the registration of a device-specific co-installer and a device-class co-installer. Both types of co-installers are not permitted in an INF file and inclusion will result in failure to meet the requirement.Device-specific co-installer example:; Registering one or more device-specific co-installers requires adding; adding a REG_MULTI_SZ value using an AddReg directive. The following; shows the general form for registering a device-specific co-installer.; :; :[DestinationDirs] ; Destination dir for the co-installer dllXxxCopyFilesSection = 11 ; DIRID_for %WINDIR%\System32 dir ; Xxx = driver or device prefix; :; :[XxxInstall.OS-platform.CoInstallers] ; Define co-installers sectionCopyFiles = XxxCopyFilesSection ; Copy files directiveAddReg = Xxx.OS-platform.CoInstallers_AddReg ; Add registry directive[XxxCopyFilesSection] ; Define the co-installer copy filesXxxCoInstall.dll ; section[Xxx.OS-platform.CoInstallers_AddReg] ; Define the co-installer AddReg ; section; The next line defines the co-installer that will be executed when; installing this device. Defining a registry entry of this type is no; longer supported and the driver package fails to meet this device; fundamental requirement.HKR,,CoInstallers32,0x00010000,"XxxCoInstall.dll, \ XxxCoInstallEntryPoint"Device-class co-installer example:[Xxx.OS-platform.CoInstallers_AddReg] ; Define the co-installer AddReg ; section; Similar format to the device-specific co-installer example, except the; registry location is under HKLM. The next line defines the co-installer; executed after any installation operations complete for the given device; setup class GUID. Defining a registry entry of this type is no; longer supported and the driver package fails to meet this device; fundamental requirement.HKLM,System\CurrentControlSet\Control\CoDeviceInstallers, \{SetupClassGUID}, 0x00010008,"DevClssCoInst.dll[,DevClssEntryPoint]"
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.DeviceConfigOnly
INF files cannot reference INF directives that are not directly related to the configuration of a device
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
INF directives that provide configuration functionality beyond what is necessary to configure device hardware are no longer supported. The INF file and all supporting files in the driver package must be used only for device installation and configuration.Design Notes:The following INF directives may not be referenced in an INF file:1. RegisterDlls 2. UnregisterDlls 3. ProfileItems 4. UpdateInis 5. UpdateIniFields 6. Ini2RegNote that while the RegisterDlls directive can no longer be declared in an INF file, it is still possible to register Component Object Model (COM) and Media Foundation Transform (MFT) objects from an INF file using the AddReg directive. The AddReg directive allows the declaration of COM/MFT registration keys under the HKLM registry hive. For information on the use of the AddReg directive for this purpose, refer to the Device.DevFund.INF.AddReg Windows Hardware Certification requirement.
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.DeviceResourceConfig
INF based device resource configuration and non-PnP related configuration cannot be performed within an INF file
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
INF files cannot be used to perform device resource configuration or non-PnP related configuration tasks. Several INF directives and sections are no longer supported.Design Notes:The following INF sections and directives cannot be referenced in an INF file:
[DDInstall.LogConfigOverride] section
LogConfig
[DDInstall.FactDef] section
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.FileCopyRestriction
INF based file copy restrictions
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
File copy destination locations are limited to prevent driver packages from installing drivers in inappropriate locations on the system.Design Notes:When using the CopyFiles directive, the destination directory specified for a file must be one of the following DIRID values:
11 (corresponds to the %WINDIR%\System32 directory)
12 (corresponds to the %WINDIR%\System32\Drivers directory)
Only these destination directories expressed as the appropriate DIRID will be a valid copy file location.
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.FileOrRegistryModification
Deleting or modifying existing files, registry entries and/or services is not allowed from within an INF file
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
INF file directives which delete or modify registry entries, services and files are no longer supported.Design Notes:The following INF directives may not be referenced in an INF file:
DelReg
DelService
DelPropertry
BitReg
DelFiles
RenFiles
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.InstallManagement
Management of files installed using an INF file is restricted to the system
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Any files that are installed onto the system using an INF file are managed exclusively by Windows. Plug and Play (PnP) prevents applications from directly modifying the files that are referenced in the INF.Design Notes:An INF file must include the PnpLockDown directive set to value 1 in the [Version] section. This would appear as follows in the INF file:[Version]; Other Version section directives herePnpLockDown=1
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.LegacySyntax
Legacy service configuration cannot be performed within an INF file
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Service configuration using legacy INF syntax is no longer supported.Design Notes:The following INF service install section directive may not be referenced in an INF file:
LoadOrderGroup
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.INF.TargetOSVersion
The TargetOSVersion decoration in an INF file cannot contain a ProductType flag or SuiteMask flag
Target Feature |
Device.DevFund.INF |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Within the [Manufacturer] section of an INF file, a TargetOSVersion decoration is used to identify the target OS of the driver package. The TargetOSVersion decoration cannot contain a ProductType flag or SuiteMask flag.Design Notes:In Windows 7 and earlier OS versions, the TargetOSVersion decoration is formatted as follows:nt[Architecture].[OSMajorVersion][.[OSMinorVersion][.[ProductType][ \ .[SuiteMask]]]]Beginning in Windows 8, the ProductType field and SuiteMask field are no longer valid fields in the TargetOSVersion decoration.
Additional Information
Exceptions |
*This is a requirement for Windows RT, but is recommended for Windows 8 (x86) and Windows 8 (x64). It will be required in the future for those architectures. |
Enforcement Date |
Aug. 28, 2012 |
Device.DevFund.Memory
Requirements related to memory profile
Related Requirements |
Device.DevFund.Memory.DriverFootprint Device.DevFund.Memory.NXPool |
Device.DevFund.Memory.DriverFootprint
Drivers must occupy a limited memory footprint
Target Feature |
Device.DevFund.Memory |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) |
Description
Drivers must occupy less than or equal to the following size of non-paged code pages in memory:
Non Paged Code Pages
Driver Type |
Graphics Drivers |
All other driver types |
x86/ARM |
<= 10MB |
<= 1.66MB |
x64 |
<= 10MB |
<= 5.45 MB |
Driver locked allocations (including MDL allocations and contiguous memory allocations)
12MB for all driver types for both architectures
Non Paged Pool - For Windows 8.1, Drivers must occupy less than or equal to the following size of non-paged pool in memory:
Driver type |
Graphics Drivers |
All other driver types |
x86/ARM |
6MB |
4MB |
x64 |
10MB |
7MB |
Thresholds are based in telemetry: X86/ARM 4MB covers 80th percentile, X64 7MB covers 76th percentile from pool allocation samples
Design Notes: The corresponding test will check the size of the drivers non paged code pages in MB.
Additional Information
Business Justification |
Driver non-paged memory usage constitutes a fixed cost in terms of memory utilization for the overall lifetime of a system. These contribute substantially toward the total OS memory footprint, and most drivers are present in memory at all times. Optimizing driver memory will provide an improved user experience and better overall system responsiveness due to greater availability of memory for user applications. Any reduction in non-pageable driver footprint directly improves the baseline memory consumption of the OS which increases scalability. Current WHCK tests for Windows 8 cover driver Locked allocations (MDL/Contiguous memory allocations) and non-paged driver code. Non Paged pool usage is the only non-pageable driver footprint aspect that is not covered by existing tests. |
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Memory.NXPool
All driver pool allocations must be in NX pool
Target Feature |
Device.DevFund.Memory |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Driver pool allocations must be made in the non-executable (NX) pool.Design Notes:A new type of non-paged pool has been introduced which is non-executable (NX) Pool. Since it is non-executable, it is inherently more secure as compared to executable non-paged (NP) Pool, and provides better protection against overflow attacks.
Additional Information
Business Justification |
Moving allocations to the non-executable pool, the surface area of attack for a rogue binary's executable code is minimized. |
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Reliability
Reliability tests containing content of the former DEVFUND tests
Related Requirements |
Device.DevFund.Reliability.BasicReliabilityAndPerformance Device.DevFund.Reliability.BasicSecurity Device.DevFund.Reliability.BootDriverEmbeddedSignature Device.DevFund.Reliability.DriverInstallUninstallReinstall Device.DevFund.Reliability.DriverUninstallInstallOtherDeviceStability Device.DevFund.Reliability.NoReplacingSysComponents Device.DevFund.Reliability.NormalOpWithDEP Device.DevFund.Reliability.PnPIDs Device.DevFund.Reliability.PnPIRPs Device.DevFund.Reliability.ProperINF Device.DevFund.Reliability.RemoteDesktopServices Device.DevFund.Reliability.S3S4SleepStates Device.DevFund.Reliability.Signable Device.DevFund.Reliability.SWDeviceInstallsUsePnPAPIs Device.DevFund.Reliability.X64Support |
Device.DevFund.Reliability.BasicReliabilityAndPerformance
Drivers are architected to maximize reliability and stability and do not "leak" resources such as memory (DEVFUND-0016)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 Windows XP x86, x64 |
Description
Driver components must not cause the system to crash or leak resources. These resources include but are not limited to the following:
Memory
Graphics Device Interface (GDI) or user objects
Kernel objects such as files, mutex, semaphore, and device handles
Critical sections
Disk space
Printer handles
Design Notes
To improve the reliability and stability of Windows drivers, all drivers will be subjected to a series of generic driver quality tests. These tests include:
Embedded Signature Verification Test - This test verifies that boot start drivers are embedded signed.
Device Install Check for File System Consistency - This test verifies that no system resources have been overwritten during the process of a device/driver install
Device Install Check for Other Device Stability - This test verifies that no device or driver, except the device under test, has been affected by the device(s)/driver(s) install or co-install process
PCI Root Port Surprise Remove Test - This surprise removes PCI root port for the device (if applicable)
PNP (disable and enable) with IO Before and After - This test performs basic I/O and basic PNP disable/enable on the test device(s)
Reinstall with IO Before and After - This test uninstalls and reinstalls the drivers for test device(s) and runs I/O on these device(s)
Sleep with PNP (disable and enable) with IO Before and After - This test cycles the system through various sleep states and performs I/O and basic PNP (disable/enable) on test device(s) before and after each sleep state cycle
Sleep with IO Before and After - This test cycles the system through various sleep states and performs I/O on device(s) before and after each sleep state cycle
Sleep with IO During This test cycles the system through various sleep states and perform I/O on device(s) during each sleep state cycle
Plug and Play Driver Test - This test exercises PnP-related code paths in the driver under test
Device Path Exerciser Test - This consists of a set of tests, each of which concentrates on a different entry point or I/O interface. These tests are designed to assess the robustness of a driver, not its functionality.
CHAOS Test - This test the runs PnP tests (disable/enable, rebalance, remove/restart, surprise remove, and DIF remove) and Driver Fuzz tests on the test device in parallel, while cycling the test system in and out of all of its supported sleep states (S1, S2, S3, S4 and Connected Standby) at the same time
All of these tests will be run with Driver Verifier enabled with standard settings.
In addition Driver Verifier will be enabled on all applicable kit tests.
Additional Information
Business Justification |
Power management/usage, PNP errors as well as IO related errors contribute to a poor end user experience and may often cause system hangs, crashes, and failures. These tests help to identify some common driver problems. |
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Reliability.BasicSecurity
Device driver must properly handle various user-mode as well as kernel to kernel I/O requests (DEVFUND-0004)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 Windows XP x86, x64 |
Description
Driver reliability and security are connected. Reliable drivers help protect the system from malicious attacks.Compliance will be validated by running the Device Path Exerciser test against the device driver. Device Path Exerciser consists of a set of tests, each of which concentrates on a different entry point or I/O interface. These tests are designed to assess the robustness of a driver, not its functionality.During a test, Device Path Exerciser typically sends hundreds of thousands of similar calls to the driver in rapid succession. The calls include varying data access methods, valid and invalid buffer lengths and addresses and permutation of the function parameters, including spaces, strings, and characters that might be misinterpreted by a flawed parsing or error-handling routine.The device driver must comply with the reliability guidelines that are defined in the Windows Driver Kit. All user mode I/O requests and kernel-to-kernel I/O requests must be handled properly to help ensure secure devices and drivers. Design Notes:Potential security vulnerabilities include the failure to check for a buffer overflow, the inability to handle bad data from user mode, and the mishandling of unexpected entry points into the driver. If such vulnerabilities are left unidentified and uncorrected, malicious programs could potentially issue denial-of-service attacks or otherwise bypass system security.For additional information, see the "Creating Reliable and Secure Drivers" and "Creating Reliable Kernel-Mode Drivers" topics in the Windows Driver Kit.
Additional Information
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.BootDriverEmbeddedSignature
Boot drivers must be self-signed with an embedded signature (DEVFUND-0029)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 |
Description
All boot start drivers must be embedded-signed using a Software Publisher Certificate (SPC) from a commercial certificate authority. The SPC must be valid for kernel modules. Drivers must be embedded-signed through self-signing before the driver submission. Design Notes:For more information about how to embedded-sign a boot start driver, see Step 6: Release-Sign a Driver Image File by Using an Embedded Signature" at the following website: https://go.microsoft.com/fwlink/?LinkId=237093After the file is embedded-signed, use SignTool to verify the signature. Check the results to verify that the root of the SPC's certificate chain for kernel policy is "Microsoft Code Verification Root." The following command line verifies the signature on the toaster.sys file: Signtool verify /kp /v amd64\toaster.sysVerifying: toaster.sysSHA1 hash of file: 2C830C20CF15FCF0AC0A4A04337736987C8ACBE3Signing Certificate Chain:Issued to: Microsoft Code Verification RootIssued by: Microsoft Code Verification RootExpires: 11/1/2025 5:54:03 AMSHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3Successfully verified: toaster.sysNumber of files successfully Verified: 1Number of warnings: 0Number of errors: 0In the Windows HCK, this requirement will be tested by using the Embedded Signature Verification test.
Additional Information
Business Justification |
Boot drivers must be embedded-signed in order to work properly with the boot process. |
Enforcement Date |
Jun. 01, 2007 |
Device.DevFund.Reliability.DriverInstallUninstallReinstall
Device and Driver Installation/un-installation/re-installation must be completed without any error, including function drivers for a multi-function device (DEVFUND-0030)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Device and driver installation, uninstallation, or reinstallation must not fail in any case.Driver installation must not cause the system to stop running or to restart without user interaction, unless the operating system requires a restart.For multi-function devices that have separate drivers that enable separate functions, each driver must be capable of installing and uninstalling independently with no start order or hidden dependencies. A multi-function device is a single device that supports multiple functionalities.Devices that use inbox drivers for operation must also meet this requirement. This requirement does not apply to Internet Small Computer System Interface (iSCSI) devices.Design Notes:In the case of multi-function devices, a supervisory driver that loads different drivers for individual functions does not work well with Windows . In particular, driver support is likely to be lost after an operating system reinstallation or upgrade, or when new drivers are distributed through Windows Update. Therefore, such supervisory drivers should be avoided.This requirement will be tested by using the "Reinstall with IO" test in the Windows Hardware Certification Kit (WHCK).
Additional Information
Exceptions |
This requirement does not apply to Internet Small Computer System Interface (iSCSI) devices. PEP and HAL extensions will be considered for exemption from this requirement. |
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.Reliability.DriverUninstallInstallOtherDeviceStability
Installing or uninstalling the driver must not reduce or eliminate functionality of other devices or other functional parts of the same device installed on the system (DEVFUND-0006)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Installing or uninstalling a device driver must not reduce or eliminate functionality of other devices that are installed on the system. This requirement also applies to functional units of a multi-function device, whether that functional unit is on the multi-function device or on the system as a whole. Design Notes:The steps for testing this requirement are outlined in the Device install check for other device stability test in the Windows Hardware Certification Kit (WHCK): https://msdn.microsoft.com/library/ff561407(VS.85).aspx .
Additional Information
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.NoReplacingSysComponents
Vendor-supplied drivers or software must not replace system components
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Driver or software installation must not overwrite any protected operating system files. This includes files that not authored by Microsoft, but that are included as part of the operating system.
If a manufacturer s information file (INF) copies any files that the operating system supplies, the INF must copy those files from the Windows product disk or preinstalled source files, unless the component is a licensed, redistributable component.
Drivers that are not provided by the operating system are not allowed to be named after an operating system supplied driver.
Additional Information
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Reliability.NormalOpWithDEP
All drivers must operate normally and execute without errors with Data Execution Prevention (DEP) enabled (DEVFUND-0041)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
To help ensure proper device and driver behavior and to enhance the security of Windows systems against viruses and other security threats, all drivers must operate normally when Data Execution Prevention (DEP) is enabled. DEP monitors programs to help make sure that the programs use system memory safely. DEP also protects the system by closing any program that is trying to execute code from memory in an incorrect way. To meet this requirement, drivers must not execute code from data pages such as default heap pages, various stack pages, and memory pool pages.DEP is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception handling mechanisms in Windows.Design Notes:For more information about DEP, including how to enable DEP, visit the following website: https://support.microsoft.com/kb/875352 The test for DEP is currently part of the systems test category in the Windows Hardware Certification Kit (WHCK). A device version of this test will be introduced before this requirement is enforced for logos.
Additional Information
Business Justification |
DEP can help enhance the security of systems that are running Windows operating systems. DEP also helps protect against malicious code, viruses, and other security threats. Making this requirement fundamental for devices will help ensure that all drivers that are signed through the Windows HCK are protected, and that the drivers prevent malware from being signed. |
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.Reliability.PnPIDs
Plug and Play IDs embedded in hardware devices, including each functional unit of a multi-function device, must have device IDs to support Plug and Play (DEVFUND-0003)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Each device that is connected to an expansion bus must be able to supply its own device ID. Each function or device on a multi-function add-on device that is individually enumerated must also provide a device ID for the bus that the function or device uses. The following are the specific requirements for Plug and Play device IDs:
Each separate function or device on the system board must be separately enumerated. Therefore, each function or device must provide a device ID for the bus that it uses, as required in the current Plug and Play specification.
If a device on an expansion card is enumerated, the device must have a unique ID and its own resources according to the current device ID requirements for the bus to which the card is connected. This requirement includes devices that are separately enumerated on multi-function cards or multi-function chips.
A Plug and Play ID can be shared with other devices that have the same model name, as defined in the device-specific Plug and Play specification.
Each logical function of the device must have a distinct Plug and Play ID.
The install (INF) section must key off only the most specific ID according to the Plug and Play guidelines in the Windows Driver Kit.
For legacy devices such as serial, parallel, and infrared ports, the legacy Plug and Play guidelines define requirements and clarifications for automatic device configuration, resource allocation, and dynamic disable capabilities .
Note: Devices that are completely invisible to the operating system, such as out-of-band systems management devices or Intelligent Input/Output (I2O) hidden devices, still must use Advanced Configuration and Power Interface (ACPI) methods to properly reserve resources and avoid potential conflicts.The following are the exceptions to the individual device ID requirement for multi-function devices:
Multiple devices of the same device class, such as multiline serial devices, do not need individual device IDs.
Devices that are generated by an accelerator or auxiliary processor and that do not have independent hardware I/O do not need individual device IDs. That processor must have an ID, and the MF.sys file must be used to enumerate the dependent devices.
If an OEM uses a proprietary mechanism to assign asset or serial numbers to hardware, this information must be available to the operating system through Windows hardware instrumentation technology.Design Notes:See Windows Hardware Instrumentation Implementation Guidelines (WHIIG), Version1.0, at the following website: https://go.microsoft.com/fwlink/?LinkId=237095
Additional Information
Business Justification |
A unique Plug and Play ID provides a good end user experience for devices. Because a unique device installs each device driver, this requirement helps prevent the issues that occur in Windows Update. This requirement now also includes all aspects of Plug and Play that are relevant for multi-function devices to enable a good Plug and Play experience when the device is used with Windows. This requirement enhances compatibility and reliability when Windows is used with certified devices. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.PnPIRPs
Drivers must support all PnP IRPs
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 Windows XP x86, x64 |
Description
Drivers must support all Plug and Play I/O request packets (IRPs) according to the requirements on the following website: https://msdn.microsoft.com/library/ff558807(v=VS.85).aspxThe following IRPs are often the cause of driver issues. Special attention should be given to their implementation:
Removal
IRP_MN_QUERY_REMOVE_DEVICE
IRP_MN_CANCEL_REMOVE_DEVICE
IRP_MN_REMOVE_DEVICE
Rebalancing
IRP_MN_QUERY_STOP_DEVICE
IRP_MN_QUERY_RESOURCE_REQUIREMENTS
IRP_MN_FILTER_RESOURCE_REQUIREMENTS
IRP_MN_CANCEL_STOP_DEVICE
IRP_MN_STOP_DEVICE
IRP_MN_START_DEVICE
IRP_MN_REMOVE
Surprise Removal
IRP_MN_SURPRISE_REMOVAL
Additional Information
Enforcement Date |
Dec. 01, 2010 |
Device.DevFund.Reliability.ProperINF
Device driver must have a properly formatted INF for its device class (DEVFUND-0001)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Driver installation and removal must use Windows -based methods. Therefore, only information file (INF)-based installation routines are allowed. A device driver must have a properly formatted INF for its device as described in the Windows Driver Kit (WDK) "Creating an INF File" topic. Design Notes:The "INFTest against a single INF" test in the Windows Hardware Certification Kit (WHCK) validates this requirement. For more information about this test, see the Help documentation of the test kit.Note: If the device does not provide an INF file (that is, the device uses the inbox driver and the INF file only), this requirement does not apply.
Additional Information
Exceptions |
If the device does not provide an INF file (that is, the device uses the inbox driver and the INF file only), this requirement does not apply. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.RemoteDesktopServices
Client and server devices must function properly before, during, and after fast user switching or a Microsoft Remote Desktop Services session (DEVFUND-0009)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows XP x86, x64 |
Description
Devices must support Fast User Switching (FUS) and Remote Desktop Services without losing data before, during, or after sessions. Any user interface (UI) for the device must be shown in the session to which the UI applies. Device usage must not be indefinitely blocked in alternate user sessions.
Additional Information
Business Justification |
FUS and Remote Desktop Services are Windows features. To provide a good and consistent user experience, each device needs to work properly with these services. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.S3S4SleepStates
All devices and drivers must support S3 and S4 sleep states of the system they are integrated on or connected to (DEVFUND-0043)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 Windows XP x86, x64 |
Description
All devices and drivers must meet the following requirements for systems that are entering S3 and S4 sleep states:
All devices and drivers must correctly support the request of a system that is going into S3 or S4 states.
Devices and drivers must not veto the request from the system.
The devices must support both the S3 and S4 states.
All devices must be capable of resuming from S3 and S4 sleep states and be fully functional after waking up.
The device and all its functional units (in the case of multi-function devices) must be enumerated appropriately after the device resumes.
All devices and drivers must respond properly to Plug and Play events, IOCtl calls, and I/O requests that are issued concurrently with sleep state transitions.
This requirement helps ensure that all certified and signed devices will support the S3 and S4 sleep states when the devices are used as part of a system or are connected externally to a system. This requirement will help the systems conserve power when the system is not being used. Power management is an important aspect of a good user experience. The system should be able to control which devices are put into a sleep state when the devices are not being used. All devices must comply with the request from the system to go into a sleep state and not veto the request, thereby putting an additional drain on the power source.Design Notes:This requirement will be tested by using the "Sleep Stress with IO" test and the "PnPDTest with Concurrent IO in parallel with DevPathExer" test in the Windows Hardware Certification Kit (WHCK).The system that is used for testing must support S3 and S4.Note that systems that support Connected Standby will not support S3, and may or may not support S4. Devices in such systems must support Connected Standby, and S4 requests of that system (if applicable).
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.Reliability.Signable
Device drivers must be able to be signed by Microsoft (DEVFUND-0002)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2003 x86, x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
All devices must have code signed drivers. Drivers that are submitted for the Windows certification must be able to be code signed and must meet the Microsoft guidelines that are defined in the Windows Driver Kit "WHQL Digital Signatures" topic. All boot start drivers must be embedded-signed by using a certificate that is valid for kernel modules. Devices must be embedded-signed via self-signing before the devices are submitted to Microsoft for certification. It is recommend that all drivers are embedded-signed via self-signing before the drivers are submitted to Microsoft, although this is only required for boot start drivers.Design Notes:For requirements for digital signatures, see the "Driver Signing/File Protection" topic at the following website:https://go.microsoft.com/fwlink/?LinkId=36678The INF2CAT signability verification tool installs automatically the first time that you create a submission on Microsoft's website. For more information about the INF2CAT tool, visit the following website:https://go.microsoft.com/fwlink/?LinkId=109929
Additional Information
Exceptions |
This requirement does not apply to devices that use the inbox drivers of the operating system. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.SWDeviceInstallsUsePnPAPIs
Software-initiated device-installs use Plug and Play APIs to install device drivers (DEVFUND-0015)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Device installers that directly manipulate Plug and Play resources contribute to system instability. Therefore, direct manipulation of Plug and Play resources will be blocked on later releases of Windows . To help ensure compatibility with Windows releases, standard Plug and Play application programming interfaces (APIs) must be used to install device drivers.Design Notes:In Windows Vista and later operating systems, standard Plug and Play calls such as the SetupCopyOEMInf call pre-stage all required files for device installation on the system automatically. Pre-staging of driver packages will facilitate driver package migration during a system upgrade to Windows Vista or later Windows operating systems. We strongly encourage the use of the Driver Install Framework tools to meet this logo requirement. Use of DIFxAPI, DIFxAPP, or DPInst DIFx tools fulfills this requirement.
Additional Information
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.X64Support
Device drivers support x64 versions of Windows (DEVFUND-0014)
Target Feature |
Device.DevFund.Reliability |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64 Windows 8.1 Client x86, x64 Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 Windows Vista Client x86, x64 |
Description
All kernel mode or user mode products and drivers that are submitted for a Microsoft signature or logo must support the x64 version of that specific Windows operating system, with certain exceptions that are described below. All x64 device drivers must adhere to the Microsoft x64 software calling convention, as defined in the Windows Driver Kit.This requirement applies to Windows Vista and later operating systems. The requirement applies to all unclassified drivers and drivers that have a logo. An x86 driver submission is optional in all cases. However, if a vendor submits an x86 driver or device, the vendor must also submit an x64 driver. Update submissions for x86 drivers do not need to include x64 drivers again unless the updates also apply to x64 drivers. When a vendor submits any device or driver for x86 architecture, and the device or driver is expected to work with x64 operating system inbox drivers, the Windows Hardware Certification Kit (WHCK) test results of that device with the x64 inbox drivers must also be included in the submission.This requirement does not apply to IA-64 devices and drivers. IA-64 devices and drivers are not required to support the x64 architecture. "All products" refers to all hardware IDs that are enumerated in the operating system for that device or driver. Virtual hardware IDs, or hardware IDs that do not correspond to a physical device but are created in a driver only, must be enumerated identically for x86, IA64 and x64 architectures. No additional prefix or suffix may be appended to differentiate between x86, IA64, and x64 architecture virtual hardware IDs.This requirement does not apply to devices that are physically embedded on a system that is capable of supporting only an x86 operating system. Vendors that submit devices under this exemption must provide justification in the Readme file that is included with the submission package. Justification must include relevant information, such as the system name on which the device is embedded and the processor that is used on the system.For Windows Server 2008: Legacy devices that are submitted for a Windows Server 2008 signature are exempt from this requirement and can make an x86-only submission. Vendors that submit devices under this exemption must provide justification in the Readme file that is included with the submission package. Legacy devices are devices that were at the "end-of-life" stage when Windows Server 2008 was released, but that are included in systems that will be tested for the supported designation and that need to provide Windows Server 2008 signed drivers for system submissions.Design Notes:To increase the safety and stability of the Microsoft Windows platform, unsigned kernel-mode code will not load and will not run on Windows Vista 64-bit platforms. For additional details, see the document that is titled "Digital Signatures for Kernel Modules on Systems Running Windows Vista" at the following website:https://go.microsoft.com/fwlink/?LinkId=108140For more information about creating drivers to run on 64-bit editions of Windows operating systems, see the checklist for 64-bit Microsoft drivers at the following website:https://go.microsoft.com/fwlink/?LinkId=108141For more information about the Microsoft x64 calling convention, see the "Calling Convention for x64 64-bit Environments" topic in the Windows Driver Kit.Notes about testing:This requirement will be tested during the submission approval process after the submission is uploaded to Microsoft. Validation is performed at the hardware ID level. The test enumerates all hardware IDs that are included in the x86 driver. The test also verifies the following:
The same hardware IDs are also included in the x64 driver package.
The hardware IDs have the right descriptors for the operating system's x64 platform.
The x64 driver has been tested on the x64 platform and results have been submitted.
If a match is not found in the current submission package, the test will search through past approved x64 submissions to find the hardware IDs.For valid exemption cases, the details of the exempt hardware IDs must be included in the Readme file that is included with the submission.
Additional Information
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.3rdParty
Reliability tests containing content of the former DEVFUND tests
Related Requirements |
Device.DevFund.Reliability.3rdParty.FormerTests |
Device.DevFund.Reliability.3rdParty.FormerTests
Former Tests Mapping Requirement
Target Feature |
Device.DevFund.Reliability.3rdParty |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
The feature Device.DevFund.Reliability.3rdParty and this requirement are a placeholder for mapping of former DevFund tests not found in other requirement.
Additional Information
Exceptions |
This requirement does not apply to devices that use the inbox drivers of the operating system. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Reliability.Interrupts
Reliability with respect to device interrupts
Related Requirements |
Device.DevFund.Reliability.Interrupts.BasicReliabilityAndPerformance |
Device.DevFund.Reliability.Interrupts.BasicReliabilityAndPerformance
Drivers must not exceed the maximum number of interrupts, and must support resource arbitration down to a minimum level as defined by the operating system
Target Feature |
Device.DevFund.Reliability.Interrupts |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
The driver must be able to tolerate system re-balancing of interrupt resources with any alternative chosen by the OS without failures, including the theoretical minimum of one line based interrupt.Interrupt arbitration may require multiple iterations. Drivers must be prepared to tolerate cases where their initial interrupt request is rejected. In order to support optimal and timely interrupt arbitration, drivers should provide multiple alternatives at successively reduced interrupt count. Drivers should avoid requesting more than one interrupt per core when possible. Any request for greater than 2048 interrupts per device function will be rejected per the PCIe 3.0 defined MSI-X table entry limit of 2048 per device.Design Notes:This requirement is currently untested.
Additional Information
Business Justification |
Requesting more than one interrupt per core can lead to IDT exhaustion in settings where many devices are present. Requesting a total number of interrupts based on the number of cores often leads to memory allocation issues. |
Enforcement Date |
Mar. 01, 2012 |
Device.DevFund.ReliabilityDisk
Reliability tests targeting disk devices
Related Requirements |
Device.DevFund.ReliabilityDisk.IOCompletionCancellation |
Device.DevFund.ReliabilityDisk.IOCompletionCancellation
Device driver follows design details in the I/O Completion/Cancellation Guidelines (DEVFUND-0013)
Target Feature |
Device.DevFund.ReliabilityDisk |
Applies to |
Windows 7 Client x86, x64 Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
I/O completion and cancellation guidelines for drivers provide prescriptive requirements to help ensure that device drivers do not stop responding and can be fully cancelled. These requirements also suggest best practices that drivers can follow to improve performance.Based on the guideline, all device drivers must meet the following requirements:
All I/O request packets (IRPs) that are cancelled must be completed within five seconds in an environment that is not resource constrained. No cancellation should be missed even though the cancellation requests may arrive at any instant, even before driver's dispatch routine sees the IRP.
All resources that a cancelled IRP allocates must be released at IRP cancellation time to prevent hindering system performance under a high cancellation load. The cancellation of the IRP should shut down any I/O intensive process.
In addition, we strongly recommend that drivers do not depend on an additional allocation of resources during cancellation.Design Notes:The Windows I/O Manager includes enhancements to support cancellation of the MJ_IRP_CREATE process. The Win32 application programming interfaces (APIs) include enhancements to support cancellation of synchronous operations, such as CreateFile. These enhancements allow I/O cancellation in more environments than in earlier operating systems. For more information, see the "I/O Completion/Cancellation Guidelines" whitepaper at the following website:https://www.microsoft.com/whdc/driver/kernel/default.mspx. For more information about designing completion and cancellation logic for drivers, see the following topics in the Windows Development Kit (WDK):Completing IRPsCanceling IRPsCancel-Safe IRP QueuesUsing the System's Cancel Spin Lock
Additional Information
Business Justification |
The primary justification for this requirement is to prevent drivers from causing applications to stop responding. Additionally, users cannot terminate or restart the applications. Drivers that cause applications to stop responding are a significant cause of customer dissatisfaction. A secondary justification for this requirement is to improve the customer experience by permitting I/O cancellation to occur on demand by a user, through the use of user interface (UI) elements such as a universal stop button or cancel buttons. This requirement was introduced in Windows Vista. The requirement adds demands to existing driver cancellation logic and adds the requirement that drivers support cancelling creation requests. Drivers that stop responding can lead to sometimes random application and operating system failures that result in lost customer productivity, lost customer data, and the need to reboot the computer. Beyond these very serious problems, nonexistent or poor I/O cancellation support prevents applications from successfully stopping operations without restarting the application. |
Enforcement Date |
Jun. 01, 2006 |
Device.DevFund.Security
Additional TDI filter driver and LSP requirements related to security.
Related Requirements |
Device.DevFund.Security.NoTDIFilterAndLSP |
Device.DevFund.Security.NoTDIFilterAndLSP
No TDI filters or LSPs are installed by the driver or associated software packages during installation or usage
Target Feature |
Device.DevFund.Security |
Applies to |
Windows 8 Client x86, x64, ARM (Windows RT) Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
There can be no use of TDI filters or LSPs by either kernel mode software or drivers, or user mode software or drivers.
Additional Information
Business Justification |
Use of TDI filters and LSPs increase attack surface, and will therefore no longer be supported for future OS releases. |
Enforcement Date |
Mar. 01, 2012 |
Device.DevFund.Server
Related Requirements |
Device.DevFund.Server.CommandLineConfigurable Device.DevFund.Server.MultipleProcessorGroups Device.DevFund.Server.OperateInServerCore Device.DevFund.Server.ServerPowerManagement |
Device.DevFund.Server.CommandLineConfigurable
Windows Server device drivers which have configurable settings provide command line utility or function for device and driver management
Target Feature |
Device.DevFund.Server |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Windows Server device drivers are required to supply a command-line, scriptable, or answer-file-capable utility or functionality for device and driver management. The following device categories are included:
Network, including teaming and Infiniband
Storage, including multipath I/O (MPIO)
Bus
Other drivers that may have configurable settings
The specific requirements are the following:
The utility or tool functionality may use Visual Basic Scripting Edition (VBS), PowerShell, Windows Management Instrumentation (WMI), other functionality that the Windows Server Core option supports, or a proprietary utility or other menu system that functions in the Server Core option.
The utility or functionality must operate from the command line or be a WMI object and provider that is compatible with the Windows Management Instrumentation Command-line (WMIC) tool.
The utility must be provided as part of the driver package and be installed by default on the system with the driver.
The utility must be able to correctly query, display, and change any values that can be changed for the driver.
The utility must not incorrectly create or set options that do not exist for a specific device or driver. The utility must be capable of changing any setting if the operating system does not provide the ability to change that setting from the command line.
Changed values or ranges that the user inputs must be automatically checked to ensure that the user input is valid.
Changes that the utility makes must not require any network or storage stack restarts or system reboots, unless a boot, system, or paging behavior or location is modified.
Changes that the utility makes are persistent across reboots.
Help about the utility usage and options is available locally on the system. For example, the utility must provide a "configutil /?" command-line option, or the WMI options for the product must be exposed through standard WMIC commands.
The utility should not be installed by the information file (INF).
The utility should be installed by default. This can be accomplished by using a co-installer.
This requirement does not apply to storage arrays, storage fabrics, switches, or other devices that are external to the server system and that can be managed by any system that is attached to the Ethernet, Fibre Channel, or other network. This requirement does not apply to printers or any device that does not have configurable settings. For example, in a system that uses the graphical interface, there are no "Advanced", "Power Management", or other additional tabs in the Device Manager interface, nor are any utilities available from the vendor that achieve the same effect.If vendors provide access to functionality only through graphical tools with no command-line or WMI access, vendors must provide information to Microsoft about any functionality that is available only by using graphical tools and is not accessible from the command line or WMI provider. Microsoft may determine, in its sole and final discretion, whether the exception(s) will be permitted. This requirement applies to any physical device, or device that has a PCI ID, that has a driver; to any driver that is in the network, storage, file system or other stacks; and to any device or driver that otherwise operates at kernel or user mode in the operating system instance on the server.
Additional Information
Enforcement Date |
Jun. 01, 2010 |
Device.DevFund.Server.MultipleProcessorGroups
Drivers must operate correctly on servers that have processors configured into multiple processor groups
Target Feature |
Device.DevFund.Server |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
Windows Server uses the concept of KGROUPs to extend the number of processors that a single instance of the operating system can support to more than 64. Both enlightened and unenlightened device drivers must operate correctly in multiple KGROUP configurations.Design Notes:For more information, see the "Supporting Systems That Have More Than 64 Processors: Guidelines for Developers" white paper at the following website: https://www.microsoft.com/whdc/system/Sysinternals/MoreThan64proc.mspxThis requirement is tested for all server device categories. The test uses BCDEdit functionality to change the boot configuration database (BCD) of the operating system, thus changing the size of the processor groups (the groupsize setting) so that multiple processor groups are created. The test also uses BCDEdit functionality to add the groupaware setting to the BCD. This changes the behavior of several now-legacy application programming interfaces (APIs) so that the test finds more code errors.The operating system will not ship with any of these settings. These settings are for testing only and will not be supported in production. To reconfigure the system for normal operations, these settings must be removed from the BCD and the system must be rebooted. The system that is used for testing must include at least four processor cores.Vendors may configure the system so that it is similar to the Windows HCK and Device Test Manager (DTM) systems. Vendors can perform their own tests in a multiple processor group configuration, as follows.The command lines to add the group settings and reboot the computer are the following:bcdedit.exe /set groupsize 2bcdedit.exe /set groupaware onshutdown.exe -r -t 0 -fThe command lines to remove the group settings and reboot the computer are the following:bcdedit.exe /deletevalue groupsizebcdedit.exe /deletevalue groupawareshutdown.exe -r -t 0 -f
Additional Information
Enforcement Date |
Jun. 01, 2009 |
Device.DevFund.Server.OperateInServerCore
Device drivers must install, configure, be serviced and operate in Windows Server Core
Target Feature |
Device.DevFund.Server |
Applies to |
Windows Server 2012 R2 x64 |
Description
The hardware platforms on which Windows Server operating systems are deployed have evolved dramatically in the past decade. As these become graphic-less system designs for cost and deployment efficiencies, the customers expect to completely setup, deploy, configure and manage these hardware platforms using the minimal command line interface and automated scripting of Windows Server Core. Windows Server device drivers must evolve in a similar manner to allow the customers to pursue these operations unhindered.
A device driver must demonstrate its ability to install, configure, be serviced and operate without reliance on the presence of a GUI.
Additional Information
Enforcement Date |
Jun. 26, 2013 |
Device.DevFund.Server.ServerPowerManagement
Windows Server device drivers must support Query Power and Set Power Management requests
Target Feature |
Device.DevFund.Server |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2008 x86, x64, Windows Server 2008 Release 2 x64 Windows Server 2012 x64 |
Description
During transition into the hibernation (S4) system sleep state, device drivers receive power requests from the operating system. In Windows Server 2008, a server is placed into a "pseudo"-S4 state during a processor or memory hot replace operation. Device drivers must honor the Query Power and Set Power requests that are dispatched as part of this operation. Device drivers must queue all I/O requests during this pseudo-S4 operation.A device driver must support this pseudo-S4 sleep state by correctly handling the Query Power and Set Power power management requests. A device driver should never reject a Query Power request. When a device driver receives an S4 Set Power power management request, the driver must transition its devices into a D3 device power state and stop all I/O operations. This includes any direct memory access (DMA) transfers that are currently in progress. When the driver's devices are in a low power state, interrupts are disabled, and all in-progress I/O operations are halted, the replace operation can continue without affecting the device driver.While a driver's devices are in the D3 power state, the device driver should queue any new I/O requests that the driver receives. A device driver should use an I/O time-out period for the I/O requests that the driver processes. This time-out period must be long enough so that the I/O requests will not time out if they are stopped or queued during the replacement of a partition unit. When the operating system resumes from the pseudo-S4 sleep state, the device driver can resume processing any stopped or queued I/O requests.The D3 state may be either D3 "Hot", to support devices that must respond to external stimuli, or D3 "Cold".A device driver must not bind itself to a uniquely identifiable instance of system hardware, such as a specific processor. If this occurs, the driver may fail if the partition unit that contains that hardware is replaced in the hardware partition.Design Notes:For more information, see the "Driver Compatibility for Dynamic Hardware Partitioning" white paper at the following website:https://www.microsoft.com/whdc/system/platform/server/dhp.mspx
Additional Information
Enforcement Date |
Sep. 01, 2008 |
Device.DevFund.Server.PCI
PCI
Related Requirements |
Device.DevFund.Server.PCI.PCIAER |
Device.DevFund.Server.PCI.PCIAER
Windows Server PCI Express devices are required to support Advanced Error Reporting [AER] as defined in PCI Express Base Specification version 2.1.
Target Feature |
Device.DevFund.Server.PCI |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
See Tables 6-2, 6-3, 6-4 and 6-5 of the PCI Specification on how errors are detected in hardware, the default severity of the error, and the expected action taken by the agent which detects the error with regards to error reporting and logging.All three methods of error reporting; completion status, error messages, error forwarding\data poisoning.Completion status enables the Requester to associate an error with a specific Request.Error messages indicate if the problem is correctable or not, and fatal or notError forwarding\data poisoning can help determine if a particular Switch along the path poisoned the TLPThe following table lists which errors in section 6.2 are required to be reported:Type of Errors Required? ____ Action ERR_COR (correctable) No No action, not logged in Event View, system takes no action ERR_FATAL (fatal, non-correctable) Yes WHEA handles, logged ERR_NONFATAL (non-fatal) Yes None
Additional Information
Enforcement Date |
Jan. 01, 2012 |
Device.DevFund.Server.StaticTools
Related Requirements |
Device.DevFund.Server.StaticTools.SDVandPFD |
Device.DevFund.Server.StaticTools.SDVandPFD
Driver Development includes static analysis to improve reliability using Static Driver Verifier (SDV) and Prefast for Drivers (PFD)
Target Feature |
Device.DevFund.Server.StaticTools |
Applies to |
Windows Server 2012 R2 x64 Windows Server 2012 x64 |
Description
Server driver development must include log files for Static Driver Verifier (SDV) and Prefast for Drivers (PFD). Because these tools may produce false errors, you need only submit the logs rather than provide logs which are fully passing.Design Notes:Microsoft's Static Analysis Tools, namely, Prefast for Drivers (PFD) and Static Driver Verifier (SDV) have been found to be highly effective in improving driver reliability by identifying coding issues that would be otherwise difficult to find. Because PFD may produce false errors or warnings, you must fix only those errors and warnings that you deem to be true problems with your driver code. The results file will be captured by the Windows HCK for inclusion in the submission package. Note that there is no requirement that the submitted and subsequently distributed binary be compiled using Microsoft Windows Device Kit or other tools. It is highly recommended that you fix errors and warnings that might be determined to indicate true problems with your driver code.
Additional Information
Business Justification |
SDV and PFD provide driver analysis that ensures driver reliability, and a stable system for end users. |
Enforcement Date |
Jun. 26, 2013 |