Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
MS Flight Simulator (2020): the 2021 PC graphics performance benchmark review
Radeon Series RX 6700 XT preview & analysis
Corsair MM700 & Corsair Katar Pro XT Review
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review

New Downloads
GeForce 461.81 hotfix driver download
ClockTuner for Ryzen (CTR) v2.0 RC4 Download
SiSoft Sandra 20/21 download v31.12
Intel HD graphics Driver Download Version: DCH 27.20.100.9316
AIDA64 Download Version 6.32.5644 beta
FurMark Download v1.25
MSI Afterburner 4.6.3 Final Stable Download
Display Driver Uninstaller Download version 18.0.3.7
Guru3D RTSS Rivatuner Statistics Server Download 7.3.0 Final
Media Player Classic - Home Cinema v1.9.10 Download


New Forum Topics
AMD Releases Ryzen Threadripper PRO, professional CPU series GeForce Hotfix Driver Version 461.81 VBIOS modded to 1000W for GeForce RTX 3090 Hall Of Fame (HOF) Edition did not yield much MS Flight Simulator (2020): the 2021 PC graphics performance benchmark review AMD confirms that Resident Evil Village will have Ray Tracing support on PC Free to grab: Wargame Red Dragon on Epic Games Store AMD announces Radeon RX 6700 XT 12GB at 479 USD, launches on March 18th RX Vega Owners Thread, Tests, Mods, BIOS & Tweaks ! (cont.) 3080 tuf OC ed. Same stutter in apex once/twice a game (w/frametimegraph) NVIDIA GeForce RTX 3080 Ti to get limited for Cryptocurrency Mining Performance Also




Guru3D.com » News » Microsoft Releases Standards for Secure Windows 10 Devices

Microsoft Releases Standards for Secure Windows 10 Devices

by Hilbert Hagedoorn on: 11/07/2017 08:27 AM | source: | 4 comment(s)
Microsoft Releases Standards for Secure Windows 10 Devices

Microsoft released a set of standard that will apply a safe and secure Windows 10 system. For example, the Redmond company sets requirements for a particular processor and a trusted platform module.

The new standards apply to the latest Feature Update of Windows 10, the Fall Creators Update. Processors wise, Microsoft recommends a 7th generation of Kaby Lake processor from Intel. The standards are intended for general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops and applies specifically and uniquely for Windows 10 version 1709, Fall Creators Update. Windows enterprise security features light up when you meet or exceed these standards and your device is able to provide a highly secure experience.

The hardware standards are broken up into 6 categories reports bleeping computers, which are processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM:

The processor architecture requirement is to have a 64-bit processor so that Windows can take advantage of VBS, or Virtualization-based security, which uses the Windows hypervisor. The hypervisor is only supported on 64-bit processors.

Virtualization, as mentioned above, is an important component of the Windows Security framework. Highly secured Windows 10 devices should support Intel VT-d, AMD-Vi, or ARM64 SMMUs in order to take advantage of Input-Output Memory Management Unit (IOMMU) device virtualization. To use Second Layer Address Translation, or SLAT, processors should support Intel Vt-x with Extended Page Tables (EPT) or AMD-v with Rapid Virtualization Indexing (RVI).

Another recommended component is a Trusted Platform Module, or TPM — a hardware module that is either integrated into a computer chipset or can be purchased as a separate module for supported motherboards that handles the secure generation of cryptographic keys, their storage, a secure random number generator, and hardware authentication.

In addition, Microsoft recommends platform boot verification, which is a feature that prevents the computer from loading a firmware that was not designed by the system manufacturer. This prevents attackers from uploading a maliicous or compromised firmware to the computer. You can use Intel Boot Guard in Verified Boot mode or AMD Hardware Verified Boot to achieve this.

Finally, we have memory, which is recommended to be at a minimum of 8GB. I am unsure why this is a security requirement, rather than just a performance requirement for Windows.

Firmware Standards
A computer's firmware is also expected to meet certain requirements to be a highly secure computer. These requirements are:

  • Systems must have firmware that implements Unified Extension Firmware Interface (UEFI) version 2.4 or later.
  • Systems must have firmware that implements UEFI Class 2 or UEFI Class 3.
  • All drivers shipped inbox must be Hypervisor-based Code Integrity (HVCI) compliant.
  • System's firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default.
  • System's firmware must implement Secure MOR revision 2.
  • Systems must support the Windows UEFI Firmware Capsule Update specification.

Meeting these standards is not that expensive
After seeing the above requirements, you may be thinking that a computer that meets these standard would be costly. Surprisingly, it's not as bad as I expected. For example, this ASUS P-Series P2540UA-AB51 appears to meet all of the requirements listed above and does so for $499 USD. I am sure if I searched harder, I could find even cheaper machines.

Unfortunately, many consumer based computers would not be 100% compliant with the above requirements, simply because many do not include a TPM module. For those looking for a consumer based computer, you should look for ones whose motherboards contain a TPM socket that you use to install a TPM module.







« Intel Core Processor Combines CPU with Discrete Graphics & HBM2 From AMD · Microsoft Releases Standards for Secure Windows 10 Devices · SteelSeries Launches Arctis 3 Bluetooth Headset »

Related Stories

Microsoft ends its free Windows 10 upgrades December 31st - 11/06/2017 08:48 AM
Remember that loophole to upgrade to Windows 10 for free? It appears the end of that deal is coming on December 31. So if you still want to update an older version of Windows towards Windows 10 for fr...

Microsoft releases cumulative updates for Windows 10 ahead of regular Patch Tuesday - 11/06/2017 08:48 AM
Microsoft has released cumulative updates for Windows outside its regular Patch Tuesday updates cycle. The company today released updates for Windows 10 Creators Update (build 1703), Windows 10 Nove...

Awkward: Edge fails during demo at Microsoft Ignite conference - 11/02/2017 08:25 AM
A bit of an awkward yet funny moment for Microsoft, at the Microsoft Ignite conference they where presenting Azure infrastructure and cloud platforms with Microsoft Edge. Edge however fails, so ho...

FTC settles with operators of infamous fake Microsoft tech support scam - 10/30/2017 08:37 AM
The FTC announced it settled with two Microsoft scammers. The criminals tried to convince internet users that their computer was infected with malware and then billed them hundreds of dollars for unne...

Microsoft’s security software causes some Windows PCs to no longer boot - 10/27/2017 07:48 AM
And it's related to a false positive. Windows Defender and Microsoft Security Essentials cause some Windows computers to produce a failed boot. The software falsely identifies the bootloader of open...


DLD
Senior Member



Posts: 881
Joined: 2002-09-14

#5491186 Posted on: 11/10/2017 07:47 PM
M$ is here concerned with two things only: disabling the use of pirated window$, and being able to sneak-peek into the people's PCs, hand in hand with NSA & co...

Mufflore
Senior Member



Posts: 12508
Joined: 2010-05-22

#5491392 Posted on: 11/11/2017 05:39 PM
It doesnt consider the main issue, keeping MS out of my PC.
Data still isnt secure, it leaks out.

sykozis
Senior Member



Posts: 21798
Joined: 2008-07-14

#5491472 Posted on: 11/12/2017 12:13 AM
Microsoft specifically recommends an Intel Kaby Lake processor.....for security....and a TPM module... What good is that TPM module going to do when IME gets compromised? Or IF MS gets hacked? Or if Facebook, Twitter, Google, etc get hacked? Didn't know a TPM module could encrypt all that data that is mined from our computers, while it's stored on servers all over the world.... Shit....let me go enable my TPM module so my next upgrade is just as much a PITA as the last was....

DLD
Senior Member



Posts: 881
Joined: 2002-09-14

#5491527 Posted on: 11/12/2017 04:05 AM
micro$hitting and throwing dust into our eyes, that's all they do (and ever did)...

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021