News

Certified Secured-Core Server Products Now Available for Azure Stack HCI and Windows Server 2022

Microsoft announced on Tuesday that certified Secured-core server hardware products are now available for running Azure Stack HCI and Windows Server 2022 software implementations.

The announcement pointed to Hewlett Packard Enterprise Gen 10 Plus server hardware with Secured-core server support for Azure Stack HCI. On the Windows Server 2022 side, Secured-core server products are available from Dell, Hewlett Packard Enterprise, NEC and Lenovo, per this Windows Server Catalog page. Windows Server 2022 reached "general availability" (commercial release) status back in September.

Microsoft touted its browser-based Windows Admin Center as enabling easy management of various Secured-core server capabilities.

"The Windows Admin Center UI allows you to easily configure the six features that encompass Secured-core server: Hypervisor Enforced Code Integrity, Boot Direct Memory Access (DMA) Protection, System Guard, Secure Boot, Virtualization-based security, and Trusted Platform Module 2.0."

Microsoft began requiring the use of Trusted Platform Module 2.0 chips and Secure Boot protections in new Windows Server hardware in 2021, as announced a year-and-a-half ago. Secure boot and TPM 2.0 chips ensure that boot loaders are properly signed via a hardware root of trust.

However, in late 2018, researchers found that Secure Boot alone wasn't wholly adequate, which led to the Secured-core products. Secured-core systems add other protections on top of Secure Boot.

Secured-core products add Dynamic Root of Trust for Measurement, which is software that assures that the boot process hasn't been tampered with. Also added is Kernel Direct Memory Access, which ensures memory isolation is supported by PCI devices before running them. The addition of Virtualization-Based Security protects credentials by creating a secure memory region away from the operating system. Also, Hypervisor-Based Code Integrity in Secured-core systems works with Virtualization-Based Security to "check the integrity of kernel mode drivers and binaries before they are started," explained Sonia Cuff of Microsoft, in this "Introduction to Secured-core computing" post.

Secured-core PC products also exist. They've been available for a couple of years.

Windows 11 ups the processor requirements for secured-core machines.  Microsoft's rationale for making that change can be found in this talk between Scott Hanselman, partner program manager at Microsoft, and David Weston, director of enterprise and OS security for Windows at Microsoft.

Back in March, Weston indicated that the certified Secured-core approach would also be coming for edge devices or Internet of Things machines at some point.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Report: IT Budgets To Increase Despite Slowdown in Hiring

    A newly published annual report found that 51 percent of IT departments are planning to increase their IT spending next year, even in the face of a possible recession.

  • Microsoft Bolsters 'Employee Experience' with Latest Viva Apps

    Microsoft's Viva suite is getting new apps and enhancements, according to an announcement made on Thursday.

  • Microsoft Releases Windows 11 Version 22H2

    The latest version of Windows 11, known as "version 22H2," officially has been released.