Static Tools Logo Test
This test performs static analysis that is designed to improve reliability and security of drivers. Kernel-mode driver submissions are required to pass the Static Tools Logo Test for certification. CodeQL must be used for static analysis of a kernel-mode driver for submission to Microsoft for signature or certification in order to comply with Windows Hardware Compatibility Program.
Test details
| Specifications |
|
| Platforms |
|
| Supported Releases |
|
| Expected run time (in minutes) | 5 |
| Category | Development |
| Timeout (in minutes) | 0 |
| Requires reboot | false |
| Requires special configuration | false |
| Type | automatic |
Static Analysis for Windows Client Certification
CodeQL is a powerful static analysis technology for securing software. The combination of an extensive suite of high-value security queries and a robust platform make it an invaluable tool for securing third party driver code.
In an effort to raise the security bar of the Windows ecosystem, Microsoft has added this requirement to the Windows Hardware Compatability Program which states that all driver submissions must use the CodeQL engine on driver source code and fix any queries that are deemed “Must-Fix”.
This requirement is enforced by the Static Tools Logo Test.
Please see CodeQL and the Static Tools Logo Test for details regarding how to download and run CodeQL on your driver source code. Following that page along with the "CodeQL and DVL Generation" section below will ensure that the Static Tools Logo Test properly consumes the results of running CodeQL on driver source code as part of the Static Tools Logo Test.
What types of drivers do CodeQL and the Static Tools Logo test apply to?
At present, the Static Tools Logo test requires that CodeQL be run and the "Must-Fix" set of queries passed for all kernel-mode drivers excluding graphics drivers. Note that running CodeQL on graphics drivers is highly recommended even though it is not currently required. Some queries may also find useful defects in user-mode components.
We anticipate extending the test and its queries to require results for graphics drivers, user-mode drivers and driver components, and other driver package components in the future. If you encounter unexpected behavior or false positives running CodeQL on graphics drivers or user-mode drivers, please file an issue on the Windows-Driver-Developer-Supplemental-Tools repo.
If you are running the test on a graphics driver, the test will populate in the HLK but pass by default. If you are running on only user-mode components or are submitting a driver package without code (i.e. an inf extension) then the test may not populate. If you are submitting a kernel-mode component and the test unexpectedly does not populate, ensure that your driver is test signed (see note below).
New in Static Analysis for Windows Server Certification
For Windows Server 2025 Certification, CodeQL will become the required tool for Static Tools Logo Test, this implies that all driver submissions must at a minimum pass all 'must fix' rules to be acceptable for WHCP. However, if you are certifying for Windows Server 2022 and below; CA, SDV and CodeQL can be used. Use WDK builds with the matching OS release versions.
For information on downloading different versions of the WDK, see Download the Windows Driver Kit (WDK). Join the Windows Insider Program to download WDK Insider Preview builds (https://aka.ms/wipwdk).
CodeQL and Driver Verification Log (DVL) Generation
Microsoft is enforcing the requirement of running CodeQL queries with the Static Tools Logo Test. The Static Tools Logo Test uses a Driver Verification Log (DVL) to gather results from different static analyses run on driver source code. This DVL is then parsed as part of the Static Tools Logo Test via an HLK test.
CodeQL results will follow the same model of using a DVL to show that the driver being certified ran the appropriate CodeQL queries in order to pass the HLK test for certification.
Place the .sarif file in the same directory as the .vcxproj file for which a DVL is being generated for. The exact name does not matter as long as the file ends with ".sarif".
Additional documentation
Tests in this feature area might have additional documentation, including prerequisites, setup, and troubleshooting information, that can be found in the following topic(s):
Running the test
Before you run the test, you must create a Driver Verification Log (DVL) by performing the following steps.
Run the CodeQL, Static Driver Verifier and the Code Analysis tool as required on the driver source code.
Run the utility that generates the DVL file. For more information about creating a Driver Verification Log file to include with your submission, see Creating a Driver Verification Log.
Copy the DVL file from the computer that was used to create the DVL file to the test computer that is used when you run the Static Tools Logo Test. Copy the file to the %systemdrive%\DVL directory on the test computer. Be sure to delete the contents of the directory on the test computer before you copy the new driver verification log.
Run the Static Tools Logo Test. If the test does not populate in the HLK, then ensure your driver is test signed (see below). Alternatively, if you are not submitting a .sys file as part of your package, it is expected that the test will not populate.
Note
The goal of the Static Tools Logo test is to require you, as a driver developer, to run CodeQL on your driver prior to submission to help eliminate bugs. However, we have received reports in the past of the test mistakenly asking for CodeQL results for other drivers on the stack due to an architectural limitation, blocking certification.
To resolve this issue in Windows 24H2, we have moved to a model where the signature of the driver for the device under test is checked. With this change, inbox Windows drivers will not be flagged by the test. Additionally, to unblock developers who are performing HLK testing on another third-party's devices, the test will also avoid flagging results for WHCP-signed drivers.
When running this test for certification, your driver should be test signed to ensure the test functions correctly. Failing to do so may result in the test failing to warn about CodeQL violations, or the test failing to enumerate.
Note
The Static Tools Logo Test requires only the DVL file to show that Code QL has been run. The test does not require all rules to pass. Additionally, this job must be run on Server with Desktop. If the HLK test fails from using Server Core (with error message: "RoMetadata.dll could not be found"), the workaround is to run on Server with Desktop and then merge the package with the package containing the results from Server Core. Information on how to merge packets can be found here: /windows-hardware/test/hlk/user/merge-packages.
Troubleshooting
For generic troubleshooting of HLK test failures, see Troubleshooting Windows HLK Test Failures.
More information
Command syntax
| Command option | Description |
|---|---|
TE.exe /inproc /enablewttlogging /appendwttlogging Devfund_DvlTest.dll /p:WDKClass=[WDKClass] /p:DeviceClass=[DeviceClass] /p:QueryDriverNames=[QueryDriverNames] |
Runs the test. |
Note
For command line help for this test binary, type /?.
File list
| File | Location |
|---|---|
Devfund_DvlTest.dll |
<testbinroot>\OSBinRoot |
Microsoft.StaticToolsLogo.ObjectModel.dll |
<testbinroot>\OSBinRoot |
TE.exe |
<testbinroot>\OSBinRoot |
Parameters
| Parameter name | Parameter description |
|---|---|
| WDKClass | Device Class |
| DeviceClass | Device Class parameter |
| QueryDriverNames | Expected driver names. |