The hardware section consist of half a dozen sub-categories that read almost like a list of recommended requirements for a game. At the top of the list is the processor. In order to have a highly security Windows 10 device, Microsoft calls for a 7th generation Intel or AMD processor. Why not 6th generation chips? Dave Weston, the Windows Offensive Team and Windows Device Security manager, addressed the topic on Twitter saying that 7th generation processors have a security feature called 'mode based execution control' (MBEC). In short, this MBEC provides an extra layer of protection from malware attacks in a virtualized environment.
MBEC is important for VBS— Dave dwizzzle Weston (@dwizzzleMSFT) November 6, 2017
As for the firmware, Microsoft requires the following:
- Systems must have firmware that implements Unified Extension Firmware Interface (UEFI) version 2.4 or later.
- Systems must have firmware that implements UEFI Class 2 or UEFI Class 3.
- All drivers shipped inbox must be Hypervisor-based Code Integrity (HVCI) compliant.
- System's firmware must support UEFI Secure Boot and must have UEFI Secure Boot enabled by default.
- System's firmware must implement Secure MOR revision 2.
- Systems must support the Windows UEFI Firmware Capsule Update specification.
The challenge for consumers who care about this will be digging into a product's specs to see if it meets Microsoft's new security standards. There does not appear to be any kind of marketing badge that Microsoft's hardware partners can use. That may change in time, but for now, it's up to the consumer to do their research.