Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review
MSI Radeon RX 6950 XT Gaming X TRIO review
MSI Radeon RX 6750 XT Gaming X TRIO review

New Downloads
AIDA64 Download Version 6.70
FurMark Download v1.30
Display Driver Uninstaller Download version 18.0.5.1
Download Samsung Magician v7.1.1.820
Intel ARC graphics Driver Download Version: 30.0.101.1732
HWiNFO Download v7.24
GeForce 512.77 WHQL driver download
Intel HD graphics Driver Download Version: 30.0.101.1960
AMD Radeon Software Adrenalin 22.5.1 WHQL driver download
3DMark Download v2.22.7359 + Time Spy


New Forum Topics
Rumor: AMD to announce X670 Extreme, X670 and B650 Chipsets How to achieve smooth 30 FPS on PC ? [3rd-Party Driver] Amernime Zone Radeon Insight 22.5.1 WHQL Driver Pack (Released) NVSlimmer - NVIDIA driver slimming utility Windows 11 Insider Builds AMD Software Preview Driver May 2022 driver download and discussion New Upcoming ATI/AMD GPU's Thread: Leaks, Hopes & Aftermarket GPU's Are we ever going to get a new NVIDIA CONTROL PANEL ??? Guide and download: ClockTuner v2.1 for Ryzen (CTR) 5900x or 5800x3D?




Guru3D.com » News » Microsoft Releases Standards for Secure Windows 10 Devices

Microsoft Releases Standards for Secure Windows 10 Devices

by Hilbert Hagedoorn on: 11/07/2017 09:27 AM | source: | 4 comment(s)
Microsoft Releases Standards for Secure Windows 10 Devices

Microsoft released a set of standard that will apply a safe and secure Windows 10 system. For example, the Redmond company sets requirements for a particular processor and a trusted platform module.

The new standards apply to the latest Feature Update of Windows 10, the Fall Creators Update. Processors wise, Microsoft recommends a 7th generation of Kaby Lake processor from Intel. The standards are intended for general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops and applies specifically and uniquely for Windows 10 version 1709, Fall Creators Update. Windows enterprise security features light up when you meet or exceed these standards and your device is able to provide a highly secure experience.

The hardware standards are broken up into 6 categories reports bleeping computers, which are processor generation, processor architecture, virtualization, trusted platform modules (TPM), platform boot verification, and RAM:

The processor architecture requirement is to have a 64-bit processor so that Windows can take advantage of VBS, or Virtualization-based security, which uses the Windows hypervisor. The hypervisor is only supported on 64-bit processors.

Virtualization, as mentioned above, is an important component of the Windows Security framework. Highly secured Windows 10 devices should support Intel VT-d, AMD-Vi, or ARM64 SMMUs in order to take advantage of Input-Output Memory Management Unit (IOMMU) device virtualization. To use Second Layer Address Translation, or SLAT, processors should support Intel Vt-x with Extended Page Tables (EPT) or AMD-v with Rapid Virtualization Indexing (RVI).

Another recommended component is a Trusted Platform Module, or TPM — a hardware module that is either integrated into a computer chipset or can be purchased as a separate module for supported motherboards that handles the secure generation of cryptographic keys, their storage, a secure random number generator, and hardware authentication.

In addition, Microsoft recommends platform boot verification, which is a feature that prevents the computer from loading a firmware that was not designed by the system manufacturer. This prevents attackers from uploading a maliicous or compromised firmware to the computer. You can use Intel Boot Guard in Verified Boot mode or AMD Hardware Verified Boot to achieve this.

Finally, we have memory, which is recommended to be at a minimum of 8GB. I am unsure why this is a security requirement, rather than just a performance requirement for Windows.

Firmware Standards
A computer's firmware is also expected to meet certain requirements to be a highly secure computer. These requirements are:

  • Systems must have firmware that implements Unified Extension Firmware Interface (UEFI) version 2.4 or later.
  • Systems must have firmware that implements UEFI Class 2 or UEFI Class 3.
  • All drivers shipped inbox must be Hypervisor-based Code Integrity (HVCI) compliant.
  • System's firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default.
  • System's firmware must implement Secure MOR revision 2.
  • Systems must support the Windows UEFI Firmware Capsule Update specification.

Meeting these standards is not that expensive
After seeing the above requirements, you may be thinking that a computer that meets these standard would be costly. Surprisingly, it's not as bad as I expected. For example, this ASUS P-Series P2540UA-AB51 appears to meet all of the requirements listed above and does so for $499 USD. I am sure if I searched harder, I could find even cheaper machines.

Unfortunately, many consumer based computers would not be 100% compliant with the above requirements, simply because many do not include a TPM module. For those looking for a consumer based computer, you should look for ones whose motherboards contain a TPM socket that you use to install a TPM module.







« Intel Core Processor Combines CPU with Discrete Graphics & HBM2 From AMD · Microsoft Releases Standards for Secure Windows 10 Devices · SteelSeries Launches Arctis 3 Bluetooth Headset »

Related Stories

Microsoft ends its free Windows 10 upgrades December 31st - 11/06/2017 09:48 AM
Remember that loophole to upgrade to Windows 10 for free? It appears the end of that deal is coming on December 31. So if you still want to update an older version of Windows towards Windows 10 for fr...

Microsoft releases cumulative updates for Windows 10 ahead of regular Patch Tuesday - 11/06/2017 09:48 AM
Microsoft has released cumulative updates for Windows outside its regular Patch Tuesday updates cycle. The company today released updates for Windows 10 Creators Update (build 1703), Windows 10 Nove...

Awkward: Edge fails during demo at Microsoft Ignite conference - 11/02/2017 09:25 AM
A bit of an awkward yet funny moment for Microsoft, at the Microsoft Ignite conference they where presenting Azure infrastructure and cloud platforms with Microsoft Edge. Edge however fails, so ho...

FTC settles with operators of infamous fake Microsoft tech support scam - 10/30/2017 09:37 AM
The FTC announced it settled with two Microsoft scammers. The criminals tried to convince internet users that their computer was infected with malware and then billed them hundreds of dollars for unne...

Microsoft’s security software causes some Windows PCs to no longer boot - 10/27/2017 08:48 AM
And it's related to a false positive. Windows Defender and Microsoft Security Essentials cause some Windows computers to produce a failed boot. The software falsely identifies the bootloader of open...


DLD
Senior Member



Posts: 887
Joined: 2002-09-14

#5491186 Posted on: 11/10/2017 08:47 PM
M$ is here concerned with two things only: disabling the use of pirated window$, and being able to sneak-peek into the people's PCs, hand in hand with NSA & co...

Mufflore
Senior Member



Posts: 13513
Joined: 2010-05-22

#5491392 Posted on: 11/11/2017 06:39 PM
It doesnt consider the main issue, keeping MS out of my PC.
Data still isnt secure, it leaks out.

sykozis
Senior Member



Posts: 22075
Joined: 2008-07-14

#5491472 Posted on: 11/12/2017 01:13 AM
Microsoft specifically recommends an Intel Kaby Lake processor.....for security....and a TPM module... What good is that TPM module going to do when IME gets compromised? Or IF MS gets hacked? Or if Facebook, Twitter, Google, etc get hacked? Didn't know a TPM module could encrypt all that data that is mined from our computers, while it's stored on servers all over the world.... Shit....let me go enable my TPM module so my next upgrade is just as much a PITA as the last was....

DLD
Senior Member



Posts: 887
Joined: 2002-09-14

#5491527 Posted on: 11/12/2017 05:05 AM
micro$hitting and throwing dust into our eyes, that's all they do (and ever did)...

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022