highly secure Windows 10 devices

We have seen powerful windows 10 gadgets this year, Microsoft Corporation recently lists the new standards for “highly secure” Windows 10 devices including general purpose desktop, laptop, tablet, 2-in-1, mobile and workstations. The tech company has included the bare minimum hardware and software requirements only for this system.

Users have to take note that these standards are not generally applicable to all Windows 10 versions. Microsoft is even specific to single out Window 10 1709 or the Fall Creators Update.

Hardware

FeatureRequirementDetails
Processor generationSystems must be on the latest, certified silicon chip for the current release of Windows
  • Intel 7th generation Processors (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx and current Intel Atom, Celeron and Pentium Processors
  • AMD through the 7th generation processors (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx)
Process architectureSystems must have a processor that supports 64-bit instructionsVirtualization-based security (VBS) features must the Windows hypervisor, which is only supported on 64-bit IA processors, or ARM v8.2 CPUs
Virtualization
  • Systems must have a processor that supports Input-Output Memory Management Unit (IOMMU) device virtualization and all I/O devices must be protected by IOMMU/SMMU
  • Systems must also have virtual machine extensions with second level address translation (SLAT)
  • The presence of these hardware virtualization features must be unmasked and reported as supported by the system firmware, and these features must be available for the operating system to use
  • For IOMMU, the system must have Intel VT-d, AMD-Vi, or ARM64 SMMUs
  • For SLAT, the system must have Intel Vt-x with Extended Page Tables (EPT), or AMD-v with Rapid Virtualization Indexing (RVI)
Trusted Platform Module (TPM)Systems must have a Trusted Platform Module (TPM), version 2.0, and meet the latest Microsoft requirements for the Trustworthy Computing Group(TCG) specificationIntel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, Nuvoton
Platform boot verificationSystems must carry out cryptographically verified platform bootIntel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality
RAMSystems must have 8 gigabytes or more of system RAM

 

Firmware

FeatureRequirementDetails
StandardSystems must have firmware that implements Unified Extension Firmware Interface (UEFI) version 2.4 or laterFor more information, see United Extensible Firmware Interface (UEFI) firmware requirements and Unified Extensible Firmware Interface Forum specifications
ClassSystems must have firmware that implements UEFI Class 2 or UEFI Class 3For more information, see Unified Extensible Firmware Interface Forum specifications
Code integrityAll drivers shipped inbox must be Hypervisor-based Code Integrity (HVCI) compliantFor more information, see the Enable virtualization-based isolation for Code Integrity section of Driver compatibility with Device Guard in Windows 10
Secure bootSystem’s firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by defaultFor more informaion, see UEFI firmware requirements and Secure Boot
Secure MORSystem’s firmware must carry out Secure MOR revision 2For more information, see Secure MOR implementation
Update mechanismSystems must support the Windows UEFI Firmware Capsule Update specificationFor more information, see Windows UEFI firmware update platform

 

SOURCE MICROSOFT

LEAVE A REPLY

Please enter your comment!
Please enter your name here