Which processor should you get?
Microsoft’s “highly secure” Windows 10 device standard applies to devices running the Windows 10 Fall Creators Update (FCU) with a 7th Gen Intel processor (Core i3, i5, i7, i9-7x, M3-7xxx, and Xeon E3-xxx) or an AMD processor (A-Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx) and 8 GB of system memory as the minimum.
You should prefer a 64-bit CPU
Although 32-bit CPUs for computers are almost nowhere to be seen in the market, Microsoft still explicitly mandates that the processor must support 64-bit instructions.
That’s because the Windows hypervisor only works with 64-bit chips. It’s needed to run VBS (Virtualization-based security) which powers various security features in Windows 10 such as Device Guard and Credential Guard.
TPM 2.0 required
A highly secure Windows 10 device must be running version 2.0 of the TPM (Trusted Platform Module) and meet Microsoft’s requirements for the Trusted Computing Group (TCG) specification. Further, it should have cryptographically signed and verified platform boot, which can be enabled via Intel Boot Guard in Verified Boot mode, AMD Hardware Verified Boot, or an OEM equivalent with the same function.
What about the virtualization?
The virtualization requirements state that the system should have Intel VT-d, AMD-Vi, or ARM64 SMMUs to support input-output memory management unit (IOMMU) device virtualization. And to support the VM extensions with SLAT (Second-Level Address Translation), the system should have Intel VT-x with Extended Page Tables (EPT) or AMD-V with Rapid Virtualization Indexing (RVI).
The device should run UEFI 2.4
As part of the firmware requirements for a highly secure Windows 10 device, Microsoft says the system should implement UEFI (Unified Extensible Firmware Interface) 2.4 or above, its drivers must be HVCI (Hypervisor-protected Code Integrity) compliant, and it must support the UEFI Firmware Capsule Update specification.
Now, meeting all of these requirements set forth by Microsoft might sound like a tough deal. But it isn’t as costly as one might assume. You can find Windows 10 PCs running 7th Gen Intel chips and 8 gigs of RAM for as low as $500. Even the laptop I bought last year fulfills almost all of the requirements mentioned above.
You shouldn’t worry about the geekier stuff, such as the virtualization specs, TPM version, and UEFI version, as it is the PC makers who have to make sure their devices meet all of the requirements.
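If you do want to see how your own machine measures up against the list above, most of it can be read from Windows itself. The script below is an added example written for this article; it is not Microsoft’s code and not part of the standard. It assumes an elevated PowerShell session on Windows 10, and it relies on the documented Win32_Processor, Win32_Tpm and Win32_DeviceGuard classes (the numeric status codes in the comments follow the Win32_DeviceGuard documentation). Two items cannot be checked this way: the UEFI specification level (2.4 or above) and Firmware Capsule Update support are not exposed through a simple API, so the script only reports whether the firmware is UEFI rather than legacy BIOS.

```powershell
# Added example, not from the article or from Microsoft: a read-only audit of the
# "highly secure Windows 10 device" requirements. Run from an elevated PowerShell.

function Test-HighlySecureDevice {
    [CmdletBinding()]
    param()

    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem

    # TPM: SpecVersion reads like "2.0, 0, 1.38"; the first field is the spec level.
    $tpm = Get-CimInstance -Namespace root\cimv2\security\microsofttpm `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # Device Guard class: VirtualizationBasedSecurityStatus 2 = VBS running;
    # AvailableSecurityProperties 1 = base virtualization, 2 = Secure Boot,
    # 3 = DMA (IOMMU) protection; SecurityServicesRunning 1 = Credential Guard,
    # 2 = HVCI.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # Secure Boot state; Confirm-SecureBootUEFI throws on legacy-BIOS machines.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { }

    # VMMonitorModeExtensions covers both Intel VT-x and AMD-V; SLAT covers EPT/RVI.
    [PSCustomObject]@{
        CpuName          = $cpu.Name
        Cpu64Bit         = ($cpu.AddressWidth -eq 64)
        MemoryGB         = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        MemoryAtLeast8GB = ($cs.TotalPhysicalMemory -ge 8GB)
        VtxOrAmdV        = [bool]$cpu.VMMonitorModeExtensions
        Slat             = [bool]$cpu.SecondLevelAddressTranslationExtensions
        VirtFirmwareOn   = [bool]$cpu.VirtualizationFirmwareEnabled
        Iommu            = [bool]($dg -and ($dg.AvailableSecurityProperties -contains 3))
        UefiFirmware     = ($env:firmware_type -eq 'UEFI')   # spec level not exposed
        SecureBoot       = $secureBoot
        TpmPresent       = [bool]$tpm
        TpmSpec          = $tpmSpec
        Tpm20            = ($tpmSpec -eq '2.0')
        VbsRunning       = [bool]($dg -and ($dg.VirtualizationBasedSecurityStatus -eq 2))
        HvciRunning      = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
        CredGuardRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))
    }
}

# Names the hardware/firmware requirements from the article that this machine misses.
function Get-MissingRequirement {
    param([Parameter(Mandatory)] $Report)
    $checks = @('Cpu64Bit', 'MemoryAtLeast8GB', 'VtxOrAmdV', 'Slat',
                'VirtFirmwareOn', 'Iommu', 'UefiFirmware', 'SecureBoot', 'Tpm20')
    $checks | Where-Object { -not $Report.$_ }
}

$report = Test-HighlySecureDevice
$report | Format-List
$missing = @(Get-MissingRequirement -Report $report)
if ($missing.Count -eq 0) {
    Write-Host 'Hardware and firmware checks pass (UEFI 2.4 / capsule update not verifiable here).'
} else {
    Write-Host "Not met: $($missing -join ', ')"
}
```

The report deliberately separates what the hardware offers (Slat, Iommu, Tpm20) from what Windows is actually using (VbsRunning, HvciRunning, CredGuardRunning): a PC can meet every line of the standard and still have VBS switched off, so both columns matter when judging how secure a given device is.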
Read the Microsoft document in detail using this link.
Try to check your Windows 10 PC and see how secure it is. Drop your thoughts in the comments.