What kind of driver do I need to write?

I’m new to windows driver development and so far it’s a bit of a black box - I was hoping someone could point me in the right direction as to what type of driver I need to write, so that I can focus my learning.

My goal is to facilitate S3 sleep where the boot disk is hardware encrypted via https://github.com/Drive-Trust-Alliance/sedutil. I need to send and receive some SCSI commands to unlock the disk as soon as possible after waking, ideally before it is accessed at all.

As it stands, with these commands not sent to the disk, all read/write access will fail, and the machine BSODs soon after waking. Occasionally it is possible to get past the lock screen and see the desktop, but basic usermode is still not responding enough to unlock the disk (I’ve tried via PBT_APMRESUMEAUTOMATIC etc).

My question is basically: how low level do I need to go? Can I solve this with UMDF, or do I need to go to KMDF? Can it be done in some sort of standalone KMDF driver or is a storage filter driver better suited? In that case, should I aim for lower or upper filter?

As far as I understand, any type of driver is capable of sending the same scsi commands as a usermode application to unlock the drive, the challenge is making sure that it either happens very early on in the wake process, or better yet stalls all IO until the drive is unlocked. Is it necessary to be in the storage stack as a filter driver in order to stall all IO?

Is it necessary to be in the storage stack as a filter driver in order to stall all IO?

Yes. You want to be a filter over the device PDO and below the FDO created by disk class.

You’ll actually SEE the S-state transitions… so you can send those CDBs as part of the dev node doing its S3 to S0 transition.

Aren’t these disks natively handled by Windows now? There’s built-in support for all this encryption stuff.

Peter