Hardware and Firmware Standards for a Secure Windows 10 Device

With regular security updates and enhancements, Microsoft has been extremely proactive in trying to keep its devices and the Windows 10 operating system (OS) safe from threats. Following the same approach, the company has released a new set of instructions intended to make devices running Windows 10 more secure. This article details the minimum hardware and firmware requirements a system must meet to be termed a highly secure Windows 10 device.

Standards for Highly Secure Windows 10 Device

Before getting into the details, note that these standards are for general-purpose desktops, laptops, tablets, 2-in-1s and mobile workstations. These security recommendations apply to Windows 10 version 1709, the Fall Creators Update.

Hardware

The hardware list laid down by Microsoft is very specific. Those who are planning to buy new Windows machines should pay close attention to these requirements, because they can make the difference between security and exposure to outside threats.

  • Processor Generation

Devices must have the latest certified silicon that supports the OS. On the Intel side, this means processors through the 7th generation (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx, and current Intel Atom, Celeron and Pentium processors. On the AMD side, it means processors through the 7th generation (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx).

  • Process Architecture

Microsoft suggested that 64-bit support is necessary for secure devices, which includes modern AMD64/x64 processors, as well as ARMv8.2 CPUs.

  • Virtualization

VBS (virtualization-based security) is Microsoft’s latest star for Windows security. To ensure it works, it needs a processor that is capable of input-output memory management unit (IOMMU) virtualization, VM extensions with second level address translation (SLAT), and I/O device protection by IOMMU or system memory management unit (SMMU).

  • Trusted Platform Module (TPM)

To meet the requirement for Trusted Platform Module version 2.0, a Windows 10 device needs Intel PTT, AMD, or a discrete Trusted Platform Module from Infineon, STMicroelectronics, or Nuvoton.

  • Platform Boot Verification

  • RAM

Windows 10 Systems must have 8 gigabytes or more of system RAM.

Firmware

The firmware section is divided into six different categories:

  • Standard and Class – Unified Extensible Firmware Interface (UEFI) version 2.4 or later, and Class 2 or Class 3.
  • Drivers – Must be Hypervisor-based Code Integrity (HVCI) compliant.
  • UEFI Secure Boot – Must be enabled by default.
  • Secure MOR – System’s firmware must implement Secure MOR revision 2.
  • Update Mechanism – Must support the Windows UEFI Firmware Capsule Update.
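
Several of the requirements above can be read back from a running machine. The following read-only audit is an added example, not code from Microsoft or from this article; it assumes an elevated PowerShell session on Windows 10 and does not cover processor generation, UEFI version and class, or capsule update support, which Windows does not expose through these interfaces.

```powershell
# Added example: read-only audit of the requirements Windows can report on itself.
# Run from an elevated PowerShell session (the TPM query needs administrator rights).

# Device Guard WMI class. AvailableSecurityProperties values:
#   1 = hypervisor support, 2 = Secure Boot, 3 = DMA protection, 4 = Secure Memory Overwrite
# SecurityServicesRunning values: 2 = HVCI
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$avail   = @($dg.AvailableSecurityProperties)
$running = @($dg.SecurityServicesRunning)

# Installed RAM: sum the module capacities. Win32_ComputerSystem.TotalPhysicalMemory
# excludes firmware-reserved memory and reads slightly under 8 GB on an 8 GB machine.
$ramBytes = (Get-CimInstance -ClassName Win32_PhysicalMemory |
             Measure-Object -Property Capacity -Sum).Sum

# TPM specification version string starts with "2.0" on a TPM 2.0 device;
# $tpm is $null when no TPM is exposed to the OS.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
         -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

$checks = [ordered]@{
    '64-bit OS'                            = [Environment]::Is64BitOperatingSystem
    'Hypervisor support available (VBS)'   = ($avail -contains 1)
    'DMA protection available (IOMMU)'     = ($avail -contains 3)
    'TPM 2.0'                              = ($tpm.SpecVersion -like '2.0*')
    'RAM >= 8 GB'                          = ($ramBytes -ge 8GB)
    'UEFI Secure Boot enabled'             = $secureBoot
    'Secure MOR available'                 = ($avail -contains 4)
    'HVCI running'                         = ($running -contains 2)
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Requirement = $_.Key; Met = [bool]$_.Value }
} | Format-Table -AutoSize
```

"HVCI running" reports whether the code integrity service is active on this machine; it does not prove that every installed driver is HVCI compliant.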

Conclusion

These new hardware and firmware requirements for “highly secure Windows 10 devices” are quite reasonable, and they should enable the development of Windows 10 devices that have a baseline of security. Those who are looking to buy a new “highly secure” Windows 10 device should follow this list of standards.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP.