08 November 17, 19:05
Microsoft has published security standards for devices based on Windows 10
![[Image: d4e2f4dff96e.jpg]](http://s011.radikal.ru/i315/1711/e3/d4e2f4dff96e.jpg)
Microsoft has published a new list of recommended security standards for devices running Windows 10.
The standards include a number of hardware and software requirements that guarantee maximum protection for the device.
The hardware requirements are divided into 6 categories: processor generation, processor architecture, virtualization, Trusted Platform Module (TPM) cryptographic specifications, boot loader verification and RAM.
Microsoft recommends the use of Intel and AMD processors of the 7th generation. According to the security researcher from the Windows Offensive Security Team, Dave Weston, the 7th generation processors contain a mode based execution execution control (MBEC), which provides additional kernel security. The requirements for the processor architecture include the presence of a 64-bit processor, since only a virtualization-based security (VBS) -based security feature is available.
In addition, devices running Windows 10 should support Intel VT-d, AMD-Vi or ARM64 SMMU to take advantage of I / O's innovative I / O memory (IOMMU). To use the Second Layer Address Translation (SLAT) function, processors must support Intel Vt-x with Extended Page Tables (EPT) or AMD-v with Rapid Virtualization Indexing (RVI).
Another recommended component is the Trusted Platform Module cryptographic specification - a hardware module integrated into a computer chipset, or purchased as a separate module for supported motherboards, which is responsible for the secure generation of cryptographic keys, their storage, secure generation of random numbers, and hardware authentication.
Microsoft also emphasizes the importance of the platform loader verification function, which prevents the download of firmware developed by anyone other than the system manufacturer.
The optimal amount of RAM should be at least 8 GB.
Also Microsoft puts forward the following requirements to the software of the device:
- The system should have a firmware, in which the Unified Extension Firmware Interface (UEFI) version 2.4 or higher is implemented.
- The system must have a firmware in which UEFI Class 2 or UEFI Class 3 is implemented.
- All drivers must be compatible with the Hypervisor-based Code Integrity (HVCI) tool.
- The firmware of the system must support UEFI Secure Boot. This function must be activated by default.
- The Secure MOR revision 2 tool should be implemented in the firmware of the system.
- The system must support the specification of the Windows firmware update UEFI Firmware Capsule Update.
Microsoft has published a new list of recommended security standards for devices running Windows 10.The standards include a number of hardware and software requirements that guarantee maximum protection for the device.
The hardware requirements are divided into 6 categories: processor generation, processor architecture, virtualization, Trusted Platform Module (TPM) cryptographic specifications, boot loader verification and RAM.
Microsoft recommends the use of Intel and AMD processors of the 7th generation. According to the security researcher from the Windows Offensive Security Team, Dave Weston, the 7th generation processors contain a mode based execution execution control (MBEC), which provides additional kernel security. The requirements for the processor architecture include the presence of a 64-bit processor, since only a virtualization-based security (VBS) -based security feature is available.
In addition, devices running Windows 10 should support Intel VT-d, AMD-Vi or ARM64 SMMU to take advantage of I / O's innovative I / O memory (IOMMU). To use the Second Layer Address Translation (SLAT) function, processors must support Intel Vt-x with Extended Page Tables (EPT) or AMD-v with Rapid Virtualization Indexing (RVI).
Another recommended component is the Trusted Platform Module cryptographic specification - a hardware module integrated into a computer chipset, or purchased as a separate module for supported motherboards, which is responsible for the secure generation of cryptographic keys, their storage, secure generation of random numbers, and hardware authentication.
Microsoft also emphasizes the importance of the platform loader verification function, which prevents the download of firmware developed by anyone other than the system manufacturer.
The optimal amount of RAM should be at least 8 GB.
Also Microsoft puts forward the following requirements to the software of the device:
- The system should have a firmware, in which the Unified Extension Firmware Interface (UEFI) version 2.4 or higher is implemented.
- The system must have a firmware in which UEFI Class 2 or UEFI Class 3 is implemented.
- All drivers must be compatible with the Hypervisor-based Code Integrity (HVCI) tool.
- The firmware of the system must support UEFI Secure Boot. This function must be activated by default.
- The Secure MOR revision 2 tool should be implemented in the firmware of the system.
- The system must support the specification of the Windows firmware update UEFI Firmware Capsule Update.
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
