Microsoft defines Standards for ‘Highly Secure Windows 10 Devices’ with Fall Creators Update

Microsoft has updated their recommendation for Highly Secure Windows 10 Devices including general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops. This is in line with the recently launched Windows 10 Fall Creators Update, version 1709.

Here is an excerpt from the recommendations:

Processor generation:

  • Intel through 7th generation Processors (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx and current Intel Atom, Celeron and Pentium Processors
  • AMD through the 7th generation processors (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx)

Processor Architecture:

Virtualization-based security (VBS) features require the Windows hypervisor, which is only supported on 64-bit IA processors, or ARM v8.2 CPUs.

Virtualization:

  • For IOMMU, the system must have Intel VT-d, AMD-Vi, or ARM64 SMMUs
  • For SLAT, the system must have Intel VT-x with Extended Page Tables (EPT), or AMD-V with Rapid Virtualization Indexing (RVI)

Trusted Platform Module (TPM):

Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, Nuvoton

Platform boot verification:

Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality

RAM:

Systems must have 8 gigabytes or more of system RAM

Firmware:

When it comes to firmware, these devices must implement UEFI 2.4 or later (the latest is UEFI 2.7) and be UEFI Class 2 or 3. They should also have UEFI Secure Boot and the Secure MOR (memory overwrite request) revision 2 security feature, and systems must support the Windows UEFI Firmware Capsule Update specification.
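Several of the requirements above can be audited on a running Windows 10 device. The following is an added example, not code from Microsoft or from this article; the function name `Test-HighlySecureBaseline` is hypothetical, and it assumes an elevated PowerShell prompt. It does not verify processor generation, platform boot verification, the UEFI version, or the Secure MOR revision.

```powershell
# Added example: audit a device against part of the excerpted requirements.
# Run elevated; Get-Tpm and Confirm-SecureBootUEFI need administrator rights.
function Test-HighlySecureBaseline {
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; count that as a failure.
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }
    try { $tpm = Get-Tpm -ErrorAction Stop } catch { $tpm = $null }

    # Win32_DeviceGuard.AvailableSecurityProperties values used here:
    # 1 = hypervisor support, 3 = DMA protection, 4 = secure memory overwrite.
    $avail = @($dg.AvailableSecurityProperties)

    # Win32_Processor can report SLAT as False once a hypervisor is already
    # running, so the Device Guard hypervisor-support property is accepted too.
    $slat = ($avail -contains 1) -or [bool]$cpu.SecondLevelAddressTranslationExtensions

    $checks = [ordered]@{
        '64-bit operating system'               = [Environment]::Is64BitOperatingSystem
        'Hypervisor support / SLAT'             = $slat
        'DMA protection (IOMMU) available'      = ($avail -contains 3)
        'TPM present and ready'                 = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        'UEFI Secure Boot enabled'              = $secureBoot
        'Secure memory overwrite available'     = ($avail -contains 4)
        '8 GB or more of system RAM'            = ($ramBytes -ge 8GB)
        # VirtualizationBasedSecurityStatus: 2 = enabled and running.
        'VBS running (informational)'           = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    }

    # Emit one object per requirement so results can be filtered or exported.
    $checks.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Requirement = $_.Key; Pass = [bool]$_.Value }
    }
}

Test-HighlySecureBaseline | Format-Table -AutoSize
```

Piping the function's output to `Where-Object { -not $_.Pass }` lists only the failed checks, which is convenient when collecting results from many machines.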

That said, TomsHardware rightly comments that Microsoft needs to come up with a new certification program, a “Secure Windows 10 device” badge, to allow OEMs to differentiate themselves from competitors based on this certification and give them a good reason to adopt these requirements in the first place.

Source: Microsoft | via TomsHardware