mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
Update how-hardware-based-root-of-trust-helps-protect-windows.md
acrolinx improvements
This commit is contained in:
Lovina Saldanha
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: How a Windows Defender System Guard helps protect Windows 10
|
title: How a Windows Defender System Guard helps protect Windows 10
|
||||||
description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works.
|
description: Windows Defender System Guard re-organizes the existing Windows 10 system integrity features under one roof. Learn how it works.
|
||||||
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
|
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
@ -37,13 +37,13 @@ With Windows 10 running on modern hardware (that is, Windows 8-certified or grea
|
|||||||
This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI).
|
This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI).
|
||||||
This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM).
|
This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM).
|
||||||
|
|
||||||
As there are thousands of PC vendors that produce numerous models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup.
|
As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup.
|
||||||
Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a block list), or a list of known 'good' SRTM measurements (also known as an allow list).
|
Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a block list), or a list of known 'good' SRTM measurements (also known as an allow list).
|
||||||
Each option has a drawback:
|
Each option has a drawback:
|
||||||
|
|
||||||
- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust.
|
- A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust.
|
||||||
- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow.
|
- A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow.
|
||||||
In addition, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy.
|
Also, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy.
|
||||||
|
|
||||||
### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM)
|
### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM)
|
||||||
|
|
||||||
@ -67,18 +67,18 @@ To defend against this, two techniques are used:
|
|||||||
- Paging protection to prevent inappropriate access to code and data
|
- Paging protection to prevent inappropriate access to code and data
|
||||||
- SMM hardware supervision and attestation
|
- SMM hardware supervision and attestation
|
||||||
|
|
||||||
Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been specifically assigned.
|
Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been assigned.
|
||||||
|
|
||||||
A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it does not access any part of the address space that it is not supposed to.
|
A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to.
|
||||||
|
|
||||||
SMM protection is built on top of the Secure Launch technology and requires it to function.
|
SMM protection is built on top of the Secure Launch technology and requires it to function.
|
||||||
In the future, Windows 10 will also measure this SMI Handler’s behavior and attest that no OS-owned memory has been tampered with.
|
In the future, Windows 10 will also measure this SMI Handler’s behavior and attest that no OS-owned memory has been tampered with.
|
||||||
|
|
||||||
## Validating platform integrity after Windows is running (run time)
|
## Validating platform integrity after Windows is running (run time)
|
||||||
|
|
||||||
While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity.
|
While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity.
|
||||||
|
|
||||||
As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch will not support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few.
|
As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user