Manufacturers making Windows 10 PCs, smartphones and tablets will be required from today to support the Trusted Platform Module 2.0 standard for every Windows 10 device they produce.
Microsoft has mandated the hardware changes in a bid to improve Windows security, as the firm incorporates support for TPM 2.0 into the Anniversary Edition of Windows 10 which will be rolled out from 2 August.
TPM 2.0 is an international standard led by the Trusted Computing Group. It provides a secure area, built into the device's hardware, for storing authentication keys. The TPM 2.0 function can be firmware-based, integrated into the silicon, or a discrete module in the device.
The standard provides cryptographic features embedded in silicon and in the device, and supports new authentication modes and algorithms, including the SHA-2 family of hash functions such as SHA-256.
A number of Windows 10 features, including BitLocker, Credential Guard, Measured Boot, Device Health Attestation and Virtual Smart Card, all require a TPM, and their security ought to be improved by TPM 2.0.
TPM 2.0 needs to be built in to devices as follows:
- An 'endorsement key' certificate must be pre-provisioned to the device's TPM when it is built, and must be retrievable on first boot-up.
- Its platform configuration registers (PCRs), memory locations inside the TPM, must ship with support for SHA-2 cryptographic hash functions.
- It must support the TPM2_HMAC command.
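The PCR and attestation mechanism behind the Measured Boot and Device Health Attestation features named above, shown as an added Python simulation that is not Microsoft's, the Trusted Computing Group's or any TPM vendor's code. It assumes a constructed boot chain of placeholder byte strings, a constructed key standing in for a key that a real TPM would keep inside the chip, and uses an HMAC (the operation behind TPM2_HMAC) as a simplified stand-in for the signed quote a real TPM produces. It shows why a PCR can only be extended, never written, and why the PCR bank's digest size (SHA-256 versus SHA-1) matters:

```python
import hashlib
import hmac

# Constructed sample boot chain: (component name, bytes standing in for its image).
# Placeholder values for the simulation, not real firmware or boot loader images.
BOOT_CHAIN = [
    ("uefi_firmware", b"UEFI firmware image v1.0"),
    ("bootmgr", b"Windows Boot Manager"),
    ("winload", b"winload.efi"),
]


def initial_pcr(algo: str) -> bytes:
    """A PCR in a given bank starts as all-zero bytes of that bank's digest length."""
    return bytes(hashlib.new(algo).digest_size)


def pcr_extend(pcr: bytes, digest: bytes, algo: str) -> bytes:
    """TPM extend operation: PCR_new = H(PCR_old || digest).

    There is no 'write' operation; the only way to change a PCR is to extend it,
    so the final value depends on every measurement and on their order.
    """
    if len(digest) != hashlib.new(algo).digest_size:
        raise ValueError("digest length does not match the PCR bank's algorithm")
    return hashlib.new(algo, pcr + digest).digest()


def measure_chain(chain, algo: str = "sha256") -> bytes:
    """Measure each boot component in order, as a measured-boot firmware would."""
    pcr = initial_pcr(algo)
    for _name, image in chain:
        pcr = pcr_extend(pcr, hashlib.new(algo, image).digest(), algo)
    return pcr


def make_report(chain, key: bytes, nonce: bytes, algo: str = "sha256") -> dict:
    """Device side: report the PCR value bound to the verifier's nonce.

    Simplification: an HMAC with a key the TPM would hold stands in for a signed quote.
    """
    pcr = measure_chain(chain, algo)
    mac = hmac.new(key, nonce + pcr, algo).digest()
    return {"pcr": pcr, "nonce": nonce, "mac": mac}


def verify_report(report: dict, expected_pcr: bytes, key: bytes, nonce: bytes,
                  algo: str = "sha256") -> bool:
    """Attestation-service side: check freshness, authenticity, then the golden value."""
    if report["nonce"] != nonce:
        return False  # stale or replayed report
    expected_mac = hmac.new(key, nonce + report["pcr"], algo).digest()
    if not hmac.compare_digest(expected_mac, report["mac"]):
        return False  # report not produced by the holder of the key
    return hmac.compare_digest(report["pcr"], expected_pcr)


if __name__ == "__main__":
    key = b"constructed-attestation-key"   # would never leave a real TPM
    golden = measure_chain(BOOT_CHAIN)      # known-good value recorded at enrolment
    tampered = [BOOT_CHAIN[0], ("bootmgr", b"Windows Boot Manager (modified)"), BOOT_CHAIN[2]]
    print("good   :", verify_report(make_report(BOOT_CHAIN, key, b"n1"), golden, key, b"n1"))
    print("tamper :", verify_report(make_report(tampered, key, b"n1"), golden, key, b"n1"))
```

The SHA-256 bank produces a 32-byte PCR and the SHA-1 bank a 20-byte one; a digest from the wrong bank is rejected by `pcr_extend`, which is the property that makes a SHA-2 PCR bank a meaningful requirement rather than a checkbox. The nonce check is what separates attestation from simply trusting a stored value.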
The forthcoming Anniversary Update to Windows 10 will complete the work that Microsoft has done to support TPM 2.0 in the operating system. It will be shipped from 2 August and auto-updated to all Windows 10 devices. Prior to this, Windows 10 had supported only version 1.0 of the TPM.
Part of Microsoft's plan is to push the Windows Hello authentication system, which uses biometrics to log users in, across all Windows 10-based devices. The system supports face, fingerprint and iris recognition, enabling users to log in with just a glance, at least in theory.
Windows Hello is being integrated into Microsoft PCs, smartphones and tablets, along with the Xbox games console and the HoloLens augmented reality headset.