Blog Post

Surface IT Pro Blog
4 MIN READ

Open-source Rust driver development platform

Melvin_Wang's avatar
Melvin_Wang
Icon for Microsoft rankMicrosoft
Nov 07, 2023

As part of Surface’s commitment to security, we’re excited to introduce windows-drivers-rs to the Windows driver development landscape. This open-source initiative not only champions robust security through Rust but also streamlines the process with an intuitive framework for the Windows Driver Framework (WDF) APIs with the aim of providing the same API coverage as the Windows Driver Kit.

 

Editor's note: This is the second of two posts featuring Rust support. For Part 1, see RUST support for UEFI development through Project Mu.

 

Why Rust?

 

Increased security for users

Rust is a programming language that puts safety first. Up to 70% of security vulnerabilities are related to memory and type safety -- two core security measures that Rust inherently protects.1 Its strict ownership model and built-in support for concurrency actively thwart a range of common pitfalls. 2, 3 By cutting down these risks, Rust ensures your applications are more secure and dependable for end-users.

 

Increased productivity for developers

Rust strikes a balance between top-tier performance and rock-solid reliability. Its toolbox – featuring an advanced type system, well-defined ownership rules, efficient abstractions at no runtime cost, and sound lifetime tracking – guards against frequent bugs. Say goodbye to headaches caused by garbage collection delays, compiler data races, null pointer exceptions, and buffer overruns.

 

Rust’s build system and package manager, called Cargo, makes it super easy to introduce dependencies like windows-drivers-rs. Cargo streamlines Rust development by handling dependency resolution, compiling code, running tests, and packaging programs with ease and consistency across environments. Plus, Rust's contemporary syntax promotes clean and clear code, boosting developer throughput and overall software robustness.

 

Hello world in Rust

 

Here's a simple example that illustrates ownership and borrowing, two key aspects of Rust's memory safety guarantees.

 

fn main() {
    let s1 = String::from("hello");  // s1 owns the string data
    let s2 = s1;                     // Ownership of the string data is moved to s2

    // println!("{}, world!", s1);    // This line would cause a compile-time error because s1 no longer owns the string

    println!("{}, world!", s2);      // This works because s2 now owns the string

    let s3 = &s2;                    // s3 borrows the data from s2
    println!("{}, world again!", s3); // Borrowing is fine; s2 still owns the string, and s3 has an immutable reference

    // Ownership and borrowing ensure safe memory access
    // s1's value was moved, not shallow copied, preventing double free errors
    // s3's immutable borrow means we can't accidentally modify the string elsewhere
}

// Further, trying to use s1 after transferring ownership to s2 would result in a compiler error,
// demonstrating Rust's prevention of dangling references.

 

In this example, the ownership of the string is transferred from s1 to s2. This prevents accidental copying of potentially large amounts of data and ensures that there is a single owner responsible for freeing the memory. The comment in the middle shows where Rust prevents a use-after-move error at compile time, which in other languages could lead to a runtime error.

 

Additionally, s3 demonstrates borrowing, where s3 takes a reference to the data owned by s2. Rust enforces strict rules about how references can be used, ensuring that references are always valid and that no two mutable references (which allow changing the data they refer to) can exist at the same time as another mutable or immutable reference. This rule effectively prevents data races at compile time, which are a common source of bugs in multithreaded applications.

 

Streamlined open-source Rust platform for Windows drivers

Rust is quickly becoming a favorite due to its blend of speed and security features. To help accelerate this, we've launched a platform designed specifically for Windows Driver development in Rust. Traditionally this development was written in C/C++ which required Rust enthusiasts to tap into C APIs via Rust's foreign function interface. This often resulted in a cumbersome, error-riddled manual process.

 

Enter windows-drivers-rs: our solution that seamlessly integrates with the Windows Driver Frameworks (WDF) APIs directly in Rust, with the goal of offering API coverage on par with the Windows Driver Kit.

 

This open-source platform grants easy access to an extensive set of Windows-specific APIs, complemented by existing Rust libraries and tools. Within the repository, developers will find Rust crates tailored for crafting Windows Drivers, supporting various development models like the Windows Driver Model (WDM) and WDF.

 

Early on, we knew that open-sourcing windows-drivers-rs would be pivotal to its success. We want people to dive in, share their feedback, and collaborate with us as we develop this platform.

 

Kickstarting your journey with windows-drivers-rs

Ready to dive into windows-drivers-rs? Start by visiting the GitHub repository.

 

 

Use of the platform requires a valid WDK environment and binding generation. The repository can be included in your driver package by creating a Cargo package and adding the necessary dependencies to the WDR crates in the manifest.  A panic handler, a global allocator, a DriverEntry, and an .inx file can then be added to the crate.

 

For a detailed walkthrough, the Read Me file in the repo is your go-to guide. Want a real-world example? Check out Windows-rust-driver-samples to see the repository in action for driver creation.

 

Note: This project is still in the early stages of development and is not yet recommended for production use. We encourage community experimentation, suggestions and discussions! We’ll be using our GitHub Discussions forum as the main form of engagement with the community!

 

Going forward

Our commitment to Rust includes plans to enhance the Windows-drivers-rs platform and integrate Rust more deeply into various programs and features. Next steps include expanding WDK API coverage and growing the safe development framework. Ultimately, we’re excited to harness Rust’s capabilities to better protect and lead Windows in the PC ecosystem.

 

Footnotes

1. Trends, challenge, and shifts in software vulnerability mitigation

2. What is Ownership? - The Rust Programming Language (rust-lang.org)

3. Fearless Concurrency - The Rust Programming Language (rust-lang.org)

 

Updated Jan 11, 2024
Version 7.0
No CommentsBe the first to comment