Want to Use a Secure Machine? Microsoft Shares a List of Rules for a Highly Secure Windows 10 Device
Microsoft has released new instructions for consumers to follow to create "highly secure" Windows 10 devices. In the document, the Redmond software maker has shared minimum hardware and software requirements for this system. "These standards are for general purpose desktops, laptops, tablets, 2-in-1’s, mobile workstations, and desktops," the company wrote. The instructions only apply on the company's latest Windows 10 Fall Creators Update version 1709.
Do you own a highly secure Windows 10 machine?
In the recently published document, the company has highlighted requirements for a highly secure Windows 10 device, focusing on 6 categories of hardware.
- Processor: Intel through 7th generation Processors (Intel i3/i5/i7/i9-7x), Core M3-7xxx and Xeon E3-xxxx and current Intel Atom, Celeron and Pentium Processors | AMD through the 7th generation processors (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx)
- Process architecture: Virtualization-based security (VBS) features require the Windows hypervisor, which is only supported on 64-bit IA processors, or ARM v8.2 CPUs
- Virtualization: For IOMMU, the system must have Intel VT-d, AMD-Vi, or ARM64 SMMUs
For SLAT, the system must have Intel Vt-x with Extended Page Tables (EPT), or AMD-v with Rapid Virtualization Indexing (RVI)
- Trusted Platform Module (TPM): Intel (PTT), AMD, or discrete TPM from Infineon, STMicroelectronics, Nuvoton
- Platform boot verification: Intel Boot Guard in Verified Boot mode, or AMD Hardware Verified Boot, or an OEM equivalent mode with similar functionality
- RAM: must have 8 gigabytes or more
The firmware section is further divided into six more categories, focusing on code integrity and update mechanism, among others. The company recommends that the firmware implements Unified Extension Firmware Interface (UEFI) version 2.4 or later and that it supports the Windows UEFI Firmware Capsule Update specification.
While many mainstream consumer products probably won't meet these requirements, those who are interested in using a Windows 10 device that's "highly secure" can follow this list of standards when buying a new product.
- More details and complete set of recommendations can be viewed here.