Volume Filter

NTDEV
1

Hi there,

I am tasked with developing a driver for Volume Encryption. I have looked up the diskperf code and truecrypt. I have developed a file system filter driver before which did file encryption. I have read some books and this list on developing device drivers. There are some confusion that i need to get answers to if you can help me.

  1. Should I develop a WDM or a WDF driver? I read on the list that basically the WDF drivers are more stable when it comes to PnP and power management. So my question is that which architecture is the best for developing a driver for Volume encryption.

  2. We are going to use the approach of Truecrypt in which we will have our own header in the start and then we will have the rest of the filesystem metadata and data after our header. Will a volume filter suffice for this kind of approach. We are not going to encrypt boot drive just the other drives on the volume and USB storage media.

Answer to these question will help me a lot with deciding what to do next. You response are appreciated.

Thanks
Suhail Ansari

2

I would use KMDF for your driver. I don’t think UMDF is appropriate and why
do all the PnP/Power code when it is already done for you.

If you have a small amount of ‘header’ data, why not consider using the
space between the partition boot record and the master boot record for that
volume? It might work easier, though some other products use that space and
could conflict. If you permit a page file to be stored on that volume, it
will probably require that your driver become a boot start driver.

wrote in message news:xxxxx@ntdev…
> Hi there,
>
> I am tasked with developing a driver for Volume Encryption. I have looked
> up the diskperf code and truecrypt. I have developed a file system filter
> driver before which did file encryption. I have read some books and this
> list on developing device drivers. There are some confusion that i need to
> get answers to if you can help me.
>
> 1) Should I develop a WDM or a WDF driver? I read on the list that
> basically the WDF drivers are more stable when it comes to PnP and power
> management. So my question is that which architecture is the best for
> developing a driver for Volume encryption.
>
> 2) We are going to use the approach of Truecrypt in which we will have our
> own header in the start and then we will have the rest of the filesystem
> metadata and data after our header. Will a volume filter suffice for this
> kind of approach. We are not going to encrypt boot drive just the other
> drives on the volume and USB storage media.
>
>
> Answer to these question will help me a lot with deciding what to do next.
> You response are appreciated.
>
> Thanks
> Suhail Ansari
>

3

Thanks for the input. KMDF is what I am thinking to do it right now and studying it.

First i was thinking to utilize that space but i read somewhere on the list that it is not a good idea to use that space because Vista wont mount any volume with that part corrupted. I am not sure how correct is that. I will look into what you have suggested.

One question that i do have is that if i wanted to use the approach in which i have my own meta-data at the start of the volume and than put the other meta-data after my meta-data will a Volume Filter be sufficient or do i have to do something else to provide that functionality.

Thanks
Suhail Ansari

4

Volume space is totally owned by the FS. As an alternate solution, you
could ask FS to allocate space for you(create a file and write EOF at
the desired offset) and then record the location (of the file). Have
your volume filter get this location( of your header) from registry.

-----Original Message-----
From: xxxxx@hotmail.com [mailto:xxxxx@hotmail.com]
Sent: Tuesday, November 04, 2008 12:00 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Volume Filter

Thanks for the input. KMDF is what I am thinking to do it right now and
studying it.

First i was thinking to utilize that space but i read somewhere on the
list that it is not a good idea to use that space because Vista wont
mount any volume with that part corrupted. I am not sure how correct is
that. I will look into what you have suggested.

One question that i do have is that if i wanted to use the approach in
which i have my own meta-data at the start of the volume and than put
the other meta-data after my meta-data will a Volume Filter be
sufficient or do i have to do something else to provide that
functionality.

Thanks
Suhail Ansari

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

5

Thanks Harish for the input. I do have one question though. When i looked into Truecrypt code they utilize the approach that I was highlighting. I know that FS owns the volume but the way I saw Truecrypt working suggests that there is a way of doing this.

Point is if i use the first say 512 bytes as my header and then write all the data which means FS Meta-data and other data after these bytes. In the I/O path the filter will offset the sectors by 512 which means the FS Recognizers will get the right data when they try to check the volume. That is what i understood from Truecrypt’s code.

I may be wrong so please correct me if my assumptions are wrong here.

Thanks
Suhail Ansari

6

What if the FS writes to last sector|cluster in the volume.

-----Original Message-----
From: xxxxx@hotmail.com [mailto:xxxxx@hotmail.com]
Sent: Tuesday, November 04, 2008 12:49 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Volume Filter

Thanks Harish for the input. I do have one question though. When i
looked into Truecrypt code they utilize the approach that I was
highlighting. I know that FS owns the volume but the way I saw Truecrypt
working suggests that there is a way of doing this.

Point is if i use the first say 512 bytes as my header and then write
all the data which means FS Meta-data and other data after these bytes.
In the I/O path the filter will offset the sectors by 512 which means
the FS Recognizers will get the right data when they try to check the
volume. That is what i understood from Truecrypt’s code.

I may be wrong so please correct me if my assumptions are wrong here.

Thanks
Suhail Ansari

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

7

Cant you fake the size of the volume as we do in the file system filter when we add a trailer to the file we fake the file size. Can a volume filter report the size of the volume to be ORIGINAL_SIZE - MY_OWN_HEADER_SIZE.

8

>we fake the file size. Can a volume filter report the size of the volume to be ORIGINAL_SIZE -

MY_OWN_HEADER_SIZE.

Yes it can.

IOCTL_DISK_GET_LENGTH_INFO and older IOCTL_DISK_GET_DRIVE_GEOMETRY


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com