A hardened driver obeys all of the rules of a standard ChorusOS device driver as well as some additional rules:
Each piece of hardware should be controlled by a separate instance of the device driver.
Programmed I/O (PIO) must be performed only through the DDI access functions, using the appropriate data access handler.
The device driver must assume that the data it receives from the device could be corrupt. The driver should check the integrity of the data before using it.
The driver must control the effects of any faults it detects. Data supplied by the device may be checked for integrity before it is released to the rest of the system.
The driver must not be an unlimited drain on system resources if the device locks up. It should timeout if a device claims to be continuously busy. The driver should also detect a pathological (stuck) interrupt request and take appropriate action.
The driver must free up resources after a fault. For example, the system must be able to close all minor devices and detach driver instances, even after the hardware fails.