Server security and platform Integrity are critical requirements in today’s datacenter, edge, and cloud environments. Many Windows Server customers have relied on built-in security capabilities such as Secure boot and BitLocker to protect their infrastructure. These capabilities are enhanced when combined with proper underlying server hardware such as Trusted Platform Module (TPM) or adequate Unified Extensible Firmware Interface (UEFI) feature support. While pervasive on x64 servers, these hardware capabilities are optional on servers that are shipping today.
In the next major release, Microsoft will raise the security standard for Windows Server hardware certification to include these capabilities by default. This change will give customers increased confidence they are deploying Windows Server on platforms that maximize platform integrity without having to modify their RFP process. The new Windows Server certification will require TPM 2.0 installed and enabled by default. For systems that have the next major Windows Server preinstalled, Secure Boot will be enabled by default. These requirements apply to servers where Windows Server will run, including bare metal, virtual machines (guests) running on Hyper-V or on third party hypervisors approved through the Server Virtualization Validation Program (SVVP).
These changes will enhance and automate built-in security on the next major Windows Server release.
Secure boot is a fundamental security tool since it ensures that systems boot into a trusted operating system environment so that malware like rootkits cannot subvert the boot process. Since code running during the boot process has privileged access to system resources and performs many critical security initialization steps, malicious code that tries to hijack the boot process can have a very harmful impact. There have been a number of articles written in recent years that document the serious and detrimental outcomes that vulnerabilities like this can expose. By ensuring that only code signed by trusted authorities runs during the boot process, secure boot mitigates this security risk and also provides a solid foundation for the security platform of the operating system.
TPM2.0 provides hardware support for securely performing measurements for attestation and storing keys. The Secure Boot process described earlier can be measured using the TPM2.0 where each step in the boot process is captured and stored securely by the TPM. Anyone operating the system can then use a service that can ask for the TPM to provide a tamper-evident report to check whether the system booted as expected. BitLocker is a native volume encryption solution for Windows Server and leverages the TPM2.0 to provide enhanced security. BitLocker leverages the TPM to ensure that volumes are only decrypted if the system booted as expected by the measurements captured in the TPM. Paired with Network Unlock, the TPM provides a scalable and secure management solution for BitLocker encryption ensuring that sensitive data is kept more secure.
Looking ahead, secure boot and TPM2.0 will serve as the core building blocks for Windows Server security and provide customers with strengthened baseline security for systems available from the ecosystem. The enforcement of these requirements will be applied to new server platforms introduced to market after January 1, 2021. Existing server platforms will include Additional Qualification certification to help customers identify systems that meet these requirements, similar to the current Assurance AQ for Windows Server 2019 today.