Microsoft brings Secured-core label for extra security requirements to servers
Microsoft will also release its Secured-core quality mark for servers in the future. The security initiative aims to make devices more secure and imposes a number of hardware and software requirements, such as Secure Boot and TPM 2.0. HVCI will then run on those servers.
Microsoft is thus expanding the existing program. The company introduced Secured-core in 2019, but only for PC makers. Now the program also covers servers. This concerns devices that run Windows Server and Azure Stack HCI, as well as IoT devices that are Azure-certified. Manufacturers can work with Microsoft to verify their equipment as Secured-core.
A manufacturer must meet various requirements before its devices can carry the Secured-core label. For example, devices must contain at least TPM 2.0 and have Secure Boot turned on. Servers must also use a trusted execution environment enabled by a dynamic root of trust for measurement (DRTM). This prevents untrusted code from starting during boot. The company says it will announce more requirements for the label in the future.
Servers under the Secured-core label run Hypervisor-Protected Code Integrity, or HVCI. This allows a server to start only if the code has been pre-verified. For example, the hypervisor determines permissions to prevent memory attacks. Microsoft says the plan is intended to counter major cyber-attacks. The company specifically mentions REvil’s ransomware infections, which it says could have been prevented with HVCI.
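The following is an added example, not code from the article or from Microsoft: a PowerShell check that reports whether the building blocks named above (TPM 2.0, Secure Boot, DRTM and HVCI) are active on a Windows host. The function name Get-SecuredCoreStatus is hypothetical; the check shows which features are running, not whether the hardware is certified as Secured-core.

```powershell
# Added example: report the Secured-core building blocks named in the article.
# Run in an elevated PowerShell session on Windows Server or Windows 10/11.
function Get-SecuredCoreStatus {
    # TPM: SpecVersion is a string such as "2.0, 0, 1.38"; the first field is the TPM version.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = if ($tpm -and $tpm.SpecVersion) {
        ($tpm.SpecVersion -split ',')[0].Trim()
    } else { $null }

    # Secure Boot: the cmdlet throws on legacy BIOS systems, so an error counts as "off".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Win32_DeviceGuard: SecurityServicesRunning lists the active VBS services
    # (2 = HVCI, 3 = System Guard Secure Launch, the DRTM-based launch).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $running = @()
    $vbsRunning = $false
    if ($dg) {
        $running = @($dg.SecurityServicesRunning)
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
        $vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Tpm20          = ($tpmVersion -eq '2.0')
        SecureBoot     = $secureBoot
        VbsRunning     = $vbsRunning
        HvciRunning    = ($running -contains 2)
        DrtmRunning    = ($running -contains 3)
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# List every requirement that is not met so the gap is obvious in a fleet report.
$missing = $status.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object { $_.Name }
if ($missing) { Write-Warning ("Not active: " + ($missing -join ', ')) }
else { Write-Output 'All checked Secured-core features are active.' }
```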