Developers keen to write Windows drivers in Rust now have improved tools and samples, but progress is slow and obstacles to production use remain.
Senior software engineer Nate Deisinger has reported on the current state of Rust for developing Windows drivers. The news is mixed. On the plus side, Deisinger said that Rust crates (packages) exist for creating valid Windows 11 drivers using WDM (Windows Driver Model), KMDF (kernel-mode driver framework), or UMDF (user-mode driver framework). WDM is the older, low-level approach, while KMDF and UMDF are the higher-level abstractions that most developers use.
That said, Deisinger warned that drivers using these crates "still need to make use of unsafe blocks for interacting with the Windows operating system," removing some of the benefits of Rust, though there is still the benefit of safety guarantees for business logic code.
The WDF (Windows Driver Frameworks, including both KMDF and UMDF) team is working on safe Rust abstractions that would enable developers to reduce the amount of unsafe code blocks, according to Deisinger. There is also work underway to use Rust in the Windows kernel itself, some of which shipped in Windows 11 24H2.
There is TPM a cargo extension called cargo-wdk too, which is evolving to be a capable tool for developing drivers in Rust. For example, typing "cargo wdk new --kmdf" will create a KMDF driver template. Future plans for cargo-wdk include ARM64 support, automatic installation of dependencies, and driver deployment to test machines.
Given all this work, can developers actually ship drivers written in Rust? Not easily. The GitHub repository states that the project is in early stages and is "not yet recommended for production use."
Two years ago, a member of the Windows networking team asked what the blockers were. In January of this year, a maintainer said that "the statement in the readme still stands" but that developers are free to use the code as they want, provided that they go through the normal procedures to get production drivers signed by Microsoft.
One of the tests for this requires analysis by GitHub's CodeQL tool. This now supports Rust in public preview since version 2.22.1, released in July, but the docs for analyzing drivers with CodeQL state that 2.21.4 is the most recent version "validated for use with WHCP [Windows Hardware Compatibility Program]."
For now, therefore, production use may be difficult. Deisinger promised to publish more information about submitting Rust drivers to WHCP "over the coming months."
It was back in 2019 that Microsoft Research posted about the company's intention to use Rust to eliminate memory-safety issues, and it was in 2022 that Azure CTO Mark Russinovich said it was time to "halt starting any new projects in C/C++ and use Rust for those scenarios where a non-GC language is required."
Four years on, and it is nearly possible to do that for a Windows driver.®
Source: The register