Microsoft has expanded Hardware Lab Kit (HLK) testing coverage to include software drivers and filter drivers, addressing a long-standing gap where these critical kernel-mode components weren't receiving the same validation rigor as hardware device drivers.
Microsoft has significantly expanded Hardware Lab Kit (HLK) testing coverage for software drivers and filter drivers, closing a long-standing validation gap that left these critical kernel-mode components under-tested despite their privileged operating system access.
The Testing Gap That Needed Fixing
Historically, HLK testing coverage was most consistently applied to hardware device drivers. Software drivers and filter drivers, despite operating in equally privileged and security-sensitive areas of the operating system, did not always receive the same level of automated test coverage. This inconsistency existed even though these drivers play critical roles in system stability and security.
The gap has now been addressed through comprehensive updates to the Windows Driver Test Framework (WDTF) and enhanced Filter Verifier capabilities.
Enhanced Driver Verifier for Filter Drivers
A major enhancement involves enabling Filter Verifier for File System MiniFilter and software drivers. This validation tool now enforces correct usage of Filter Manager APIs, validates object-lifetime rules, and integrates with Driver Verifier (DV) to surface violations during runtime testing.
When Filter Verifier is enabled through DV/WDTF testing, additional Driver Verifier checks are applied across the active device stack. These checks can surface critical violations including:
- Execution-context violations: Reported via Driver Verifier when a driver executes at an invalid IRQL or in an inappropriate threading context
- Leaked pool allocations: Detected when verified drivers fail to release memory during unload or stress scenarios
- Security-isolation and object-lifetime violations: Reported when kernel objects such as FLT_CALLBACK_DATA or FILE_OBJECT are not correctly released
Expanded WDTF Test Coverage
The Windows Device Testing Framework coverage for software and filter drivers has been significantly expanded, increasing the number of applicable HLK tests from 22 to 41. This expansion enables a broader set of existing DevFund scenarios to run against filesystem filter drivers, substantially improving validation coverage for correctness, reliability, and OS contract compliance.
New WDTF Action Plugins
New WDTF action plugins have been introduced and integrated into Filter Manager (Fltmgr) API-based tests in the HLK. These plugins allow tests to observe I/O behavior, apply Driver Verifier dynamically, and generate concurrent I/O patterns under stress conditions.
The new coverage applies to 17 filter types:
- FSFilter Activity Monitor
- FSFilter Anti-Virus
- FSFilter Bottom
- FSFilter Cluster File System
- FSFilter Compression
- FSFilter Content Screener
- FSFilter Continuous Backup
- FSFilter Copy Protection
- FSFilter Encryption
- FSFilter HSM
- FSFilter Imaging
- FSFilter Open File
- FSFilter Physical Quota Management
- FSFilter Quota Management
- FSFilter Replication
- FSFilter Security Enhancer
- FSFilter System Recovery
- FSFilter Top
- FSFilter Undelete
- FSFilter Virtualization
WDTF Datagathers and I/O Plugin Updates
WDTF datagathers have been enhanced to enumerate active File System MiniFilter drivers on a per-volume basis using Filter Manager APIs. This allows tests to accurately detect loaded filters, their attachment state, and associated filter communication ports.
Several WDTF I/O plugins were updated to improve Filesystem MiniFilter validation:
- The Volume WDTF plugin now leverages Filter Manager (FltMgr) APIs when exercising File System MiniFilter functionality
- Support was added for validating filter communication ports
- FSCTL-based I/O was introduced to better exercise filesystem-specific control paths
- The WDTF Driver Verifier plugin was enhanced to enable targeted verification during DevFund and HLK test execution
Why This Matters for the Ecosystem
Software and filter drivers play critical roles in system stability and security. Ensuring they are validated consistently helps improve ecosystem reliability and reduces the risk of system-wide impact from driver failures.
Importantly, no new certification bar has been introduced. Instead, this change closes a gap where HLK behavior did not fully reflect the security and quality intent that already applied to kernel-mode drivers. The goal is consistency: software drivers, filter drivers, and hardware device drivers are now all held to the same baseline expectations when they participate in the Windows Hardware Compatibility Program.
Impact on Driver Developers
If you develop kernel-mode software drivers, file system mini-filters, or security-sensitive filter drivers, you may now see additional HLK tests enumerate where they previously did not. This reflects corrected tooling behavior, not a policy change.
Microsoft encourages driver developers who encounter unexpected results or believe a test is being applied incorrectly to engage through standard driver support channels.
The update, version 2.0 released February 24, 2026, represents a significant step toward ensuring all kernel-mode drivers receive appropriate validation coverage, ultimately leading to a more stable and secure Windows ecosystem.
Comments
Please log in or register to join the discussion