How To Create A Highly Secure Windows 10 PC, According To Microsoft

Who is best placed to set out the requirements of a highly secure Windows 10 device? Apparently, it's Microsoft. The Windows-maker has released a new document that details the hardware and firmware requirements for improving the security of Windows 10 devices, including laptops, desktops, convertibles, etc.

Which processor should you get?

Microsoft's "highly secure" Windows 10 device standard applies to devices running Windows 10 FCU (Fall Creators Update) with 7th Gen Intel (Core i3, i5, i7, i9-7x, M3-7xxx, and Xeon E3-xxx) or AMD (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx) processors and a minimum of 8GB of system memory.

You should prefer a 64-bit CPU

Although 32-bit CPUs for computers are almost nowhere to be seen in the market, Microsoft still explicitly mandates that the processor must support 64-bit instructions.

That’s because the Windows hypervisor only works with 64-bit chips. It’s needed to run VBS (Virtualization-based security) which powers various security features in Windows 10 such as Device Guard and Credential Guard.

TPM 2.0 required

A highly secure Windows 10 device must have version 2.0 of the TPM (Trusted Platform Module) and meet Microsoft's requirements for the Trusted Computing Group (TCG) specification. Further, it should have a cryptographically signed platform boot, which can be enabled via Intel Boot Guard in Verified Mode, AMD Hardware Verified Boot, or an OEM equivalent.

What about virtualization?

The virtualization requirements are that the system should have Intel VT-d, AMD-Vi, or ARM64 SMMUs to support input-output memory management unit (IOMMU) device virtualization. And to support VM extensions with SLAT (Second Level Address Translation), the system should have Intel VT-x with Extended Page Tables (EPT) or AMD-V with Rapid Virtualization Indexing (RVI).

The device should run UEFI 2.4

As part of the firmware requirements for a highly secure Windows 10 device, Microsoft says the system should implement UEFI (Unified Extensible Firmware Interface) 2.4 or above, the drivers must be HVCI (Hypervisor-based Code Integrity) compliant, and the firmware must support the UEFI Firmware Capsule Update specification.

Now, meeting all of these requirements set forth by Microsoft might sound like a tough deal. But it seems it isn't as costly as one might assume. You can find Windows 10 PCs running 7th Gen Intel chips and 8 gigs of RAM for as low as $500. Even the laptop I bought last year fulfills almost all of the requirements mentioned above.

You shouldn’t worry about the geekier stuff such as the virtualization specs, TPM version, UEFI version, as it would be the PC makers who would have to make sure the devices stick to all the requirements.

Read the Microsoft document in detail using this link.

Try checking your Windows 10 PC to see how secure it is. Drop your thoughts in the comments.
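One way to run that check, as an added example that is not part of the original article or of Microsoft's document: a read-only PowerShell audit of the requirements listed above, using Windows' built-in WMI classes. It assumes an elevated Windows PowerShell 5.1 session and that build 16299 identifies the Fall Creators Update; it does not check Intel Boot Guard / AMD Hardware Verified Boot state or the UEFI specification version.

```powershell
# Added example: read-only audit of the requirements listed in this article.
# Run in an elevated Windows PowerShell 5.1 session on the PC being checked.
$cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
$cs  = Get-CimInstance Win32_ComputerSystem
$os  = Get-CimInstance Win32_OperatingSystem
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$fw  = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM version.
$tpmVer = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'no TPM found' }

# With a hypervisor already running (VBS or Hyper-V), Win32_Processor can report
# the VT-x/AMD-V and SLAT flags as False, so that case is reported separately.
$virt = if ($cs.HypervisorPresent) { 'in use by a running hypervisor' } else {
    $cpu.VirtualizationFirmwareEnabled -and $cpu.SecondLevelAddressTranslationExtensions }

# Win32_DeviceGuard: VirtualizationBasedSecurityStatus 0/1/2,
# AvailableSecurityProperties 3 = DMA protection (IOMMU),
# SecurityServicesRunning 1 = Credential Guard, 2 = HVCI.
$vbsNames = 'not enabled', 'enabled, not running', 'running'
$vbs = if ($dg) { $vbsNames[[int]$dg.VirtualizationBasedSecurityStatus] } else { 'unknown' }

[pscustomobject]@{
    'CPU'                      = $cpu.Name
    '64-bit CPU'               = $cpu.DataWidth -eq 64
    'OS architecture'          = $os.OSArchitecture
    'OS build (FCU = 16299)'   = $os.BuildNumber
    'FCU or later'             = [int]$os.BuildNumber -ge 16299
    'RAM (GB)'                 = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    'TPM spec version'         = $tpmVer
    'TPM 2.0'                  = $tpmVer -like '2.*'
    'Firmware type'            = $fw
    'VT-x/AMD-V with SLAT'     = $virt
    'DMA protection (IOMMU)'   = [bool]($dg.AvailableSecurityProperties -contains 3)
    'VBS status'               = $vbs
    'Credential Guard running' = [bool]($dg.SecurityServicesRunning -contains 1)
    'HVCI running'             = [bool]($dg.SecurityServicesRunning -contains 2)
} | Format-List
```

The reported RAM figure is usually slightly below the installed amount because some memory is reserved by firmware and hardware, so an 8GB machine may show a value just under 8.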

Aditya Tiwari