Microsoft announces Secured-core hardware for Windows Server 2022 and Azure Stack HCI

Secured-core certified server hardware products are now available to run Azure Stack HCI and Windows Server 2022 software implementations, according to an announcement Tuesday.

The announcement highlighted Hewlett Packard Enterprise Gen 10 Plus server hardware with Secured-core server support for Azure Stack HCI. On the Windows Server 2022 side, Secured-core server products are available from Dell, Hewlett Packard Enterprise, NEC, and Lenovo, as listed, for example, on this page of the Windows Server catalog. Windows Server 2022 achieved “general availability” (retail) status in September.

Microsoft has touted its browser-based Windows Admin Center as allowing easy management of various Secured-core server capabilities.

“The Windows Admin Center user interface allows you to easily configure the six features that encompass the secure-core server: hypervisor-enhanced code integrity, DMA protection, boot-time protection System, Secure Boot, Virtualization-Based Security, and Trusted Platform Module 2.0.”

Microsoft began requiring the use of Trusted Platform Module 2.0 chips and Secure Boot protections in new Windows Server hardware in 2021, as announced a year and a half ago. Secure Boot and TPM 2.0 chips ensure that boot loaders are properly signed through a hardware root of trust.

However, in late 2018, researchers discovered that Secure Boot on its own was not quite adequate, which led to Secured-core products. Secured-core systems add further protections on top of Secure Boot.

Secured-core products add dynamic root of trust for measurement, software that ensures the boot process has not been tampered with. Kernel direct memory access (DMA) protection is also added, which ensures that memory isolation is in place for PCI devices before they are executed. Adding virtualization-based security protects credentials by creating a secure region of memory isolated from the operating system. Additionally, hypervisor-based code integrity in Secured-core systems works with virtualization-based security to “verify the integrity of kernel-mode drivers and binaries before they start,” explained Sonia Cuff of Microsoft in this article, “Introduction to secure computing”.
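The protections described above can be checked on a running server. The following read-only PowerShell script is an added example, not code from the article or from Microsoft. It assumes an elevated session on Windows Server 2022, and its feature labels and pass criteria are this example's own approximation of the six features listed in the quote.

```powershell
# Added example: read-only status check for the six Secured-core server features.
# Assumption: elevated PowerShell on the server being checked.
$dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                       -ClassName Win32_DeviceGuard
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI) }
catch { $secureBoot = $false }

# Win32_DeviceGuard value meanings:
#   VirtualizationBasedSecurityStatus : 2 = enabled and running
#   SecurityServicesRunning           : 2 = HVCI, 3 = System Guard Secure Launch
#   AvailableSecurityProperties       : 3 = DMA protection available
# "Available" means the platform reports the capability; it is the closest
# signal this class exposes for DMA protection.
$report = [ordered]@{
    'Trusted Platform Module 2.0'          = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')
    'Secure Boot'                          = $secureBoot
    'Virtualization-based security'        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    'Hypervisor-based code integrity'      = ($dg.SecurityServicesRunning -contains 2)
    'Boot-time protection (DRTM)'          = ($dg.SecurityServicesRunning -contains 3)
    'DMA protection'                       = ($dg.AvailableSecurityProperties -contains 3)
}

# One row per feature, then an overall verdict.
$report.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Feature = $_.Key; Active = $_.Value }
} | Format-Table -AutoSize

$missing = @($report.GetEnumerator() | Where-Object { -not $_.Value } |
             ForEach-Object { $_.Key })
if ($missing.Count -eq 0) {
    'All six Secured-core features report as active.'
} else {
    'Not active: ' + ($missing -join ', ')
}
```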

Secured-core PC products also exist. They have been available for a few years.

Windows 11 increases the processor requirements for Secured-core machines. Microsoft’s rationale for making this change can be found in this conversation between Scott Hanselman, Partner Program Manager at Microsoft, and David Weston, Director of Enterprise Security and Windows Operating System at Microsoft.

Back in March, Weston indicated that the certified Secured-core approach will also arrive for edge devices or IoT machines at some point.

About the Author

Kurt Mackie is Senior News Producer for 1105 Media’s Converge360 Group.