program-requirements-edge-secured-core.md

title	description	author	ms.author	ms.topic	ms.date	ms.custom	ms.service	zone_pivot_groups
Edge Secured-core Certification Requirements	Edge Secured-core Certification program requirements	cbroad	cbroad	conceptual	05/15/2021	Edge Secured-core Certification Requirements	certification	app-service-platform-windows-linux

Azure Certified Device - Edge Secured-core (Preview)

Edge Secured-Core certification requirements

Program purpose

Edge Secured-core is an incremental certification in the Azure Certified Device program for IoT devices running a full operating system, such as Linux or Windows 10 IoT.This program enables device partners to differentiate their devices by meeting an additional set of security criteria. Devices meeting this criteria enable these promises:

1. Hardware-based device identity
2. Capable of enforcing system integrity
3. Stays up to date and is remotely manageable
4. Provides data at-rest protection
5. Provides data in-transit protection
6. Built in security agent and hardening

Preview Program Support

While in public preview, we are supporting a small number of partners to pre-validate devices against the Edge Secured-core program requirements. If you would like participate in the Edge Secured-core public preview, please contact iotcert@microsoft.com

Overview content ::: zone pivot="platform-windows"

Windows IoT OS Support

Edge Secured-core for Windows IoT requires Windows 10 IoT Enterprise version 1903 or greater

• Windows 10 IoT Enterprise Lifecycle

Note

The Windows secured-core tests require you to download and run the following package (https://aka.ms/Scforwiniot) from an Administrator Command Prompt on the IoT device being validated.

Windows IoT Hardware/Firmware Requirements

Note

Hardware must support and have the following enabled:

• Intel or AMD virtualization extensions
• Trusted Platform Module (TPM) 2.0
• For Intel systems: Intel Virtualization Technology for Directed I/O (VT-d), Intel Trusted Execution Technology (TXT), and SINIT ACM driver package must be included in the Windows system image (for DRTM)
• For AMD systems: AMD IOMMU and AMD-V virtualization, and SKINIT package must be integrated in the Windows system image (for DRTM)
• Kernel DMA Protection (also known as Memory Access Protection)

---

Name	SecuredCore.Hardware.Identity
Status	Required
Description	The purpose of the test is to validate the device identity is rooted in hardware and can be the primary authentication method with Azure IoT Hub Device Provisioning Service (DPS).
Target Availability	2022
Requirements dependency	TPM v2.0 device
Validation Type	Manual/Tools
Validation	Devices will be enrolled to DPS using the TPM authentication mechanism during testing.
Resources	Azure IoT Hub Device Provisioning Service: Quickstart - Provision a simulated TPM device to Microsoft Azure IoT Hub TPM Attestation Concepts

---

Name	SecuredCore.Hardware.MemoryProtection
Status	Required
Description	The purpose of the test is to validate that DMA is not enabled on externally accessible ports.
Target Availability	2022
Requirements dependency	Only if DMA capable ports exist
Validation Type	Manual/Tools
Validation	If DMA capable external ports exist on the device, toolset to validate that the IOMMU or SMMU is enabled and configured for those ports.
Resources

---

Name	SecuredCore.Firmware.Protection
Status	Required
Description	The purpose of the test is to ensure that device has adequate mitigations from Firmware security threats.
Target Availability	2022
Requirements dependency	DRTM + UEFI
Validation Type	Manual/Tools
Validation	Device to be validated through Edge Secured-core Agent toolset to confirm it is protected from firmware security threats through one of the following approaches: DRTM + UEFI Management Mode mitigations DRTM + UEFI Management Mode hardening
Resources	https://trustedcomputinggroup.org/ Intel's DRTM based computing whitepaper AMD Security whitepaper

---

Name	SecuredCore.Firmware.SecureBoot
Status	Required
Description	The purpose of the test is to validate the boot integrity of the device.
Target Availability	2022
Requirements dependency	UEFI
Validation Type	Manual/Tools
Validation	Device to be validated through Edge Secured-core Agent toolset to ensure that firmware and kernel signatures are validated every time the device boots. UEFI: Secure boot is enabled
Resources

---

Name	SecuredCore.Firmware.Attestation
Status	Required
Description	The purpose of the test is to ensure the device can remotely attest to the Microsoft Azure Attestation service.
Target Availability	2022
Requirements dependency	Azure Attestation Service
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that platform boot logs and measurements of boot activity can be collected and remotely attested to the Microsoft Azure Attestation service.
Resources	Microsoft Azure Attestation

---

Windows IoT configuration requirements

---

Name	SecuredCore.Encryption.Storage
Status	Required
Description	The purpose of the test to validate that sensitive data can be encrypted on non-volatile storage.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through Edge Secured-core Agent toolset to ensure Secure-boot and BitLocker is enabled and bound to PCR7.
Resources

---

Name	SecuredCore.Encryption.TLS
Status	Required
Description	The purpose of the test is to validate support for required TLS versions and cipher suites.
Target Availability	2022
Requirements dependency	Windows 10 IoT Enterprise Version 1903 or greater. Note: other requirements may require greater versions for other services.
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure the device supports a minimum TLS version of 1.2 and supports the following required TLS cipher suites. TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Resources	TLS support in IoT Hub TLS Cipher suites in Windows 10

---

Name	SecuredCore.Protection.CodeIntegrity
Status	Required
Description	The purpose of this test is to validate that code integrity is available on this device.
Target Availability	2022
Requirements dependency	HVCI is enabled on the device.
Validation Type	Manual/Tools
Validation	Device to be validated through Edge Secured-core Agent toolset to ensure that HVCI is enabled on the device.
Resources	https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-hvci-enablement

---

Name	SecuredCore.Protection.NetworkServices
Status	Required
Description	The purpose of the test is to validate that services listening for input from the network are not running with elevated privileges.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through Edge Secured-core Agent toolset to ensure that 3rd party services accepting network connections are not running with elevated LocalSystem and LocalService privileges. Exceptions may apply
Resources

---

Windows IoT Software/Service Requirements

---

Name	SecuredCore.Built-in.Security
Status	Coming Soon June 2022
Description	The purpose of the test is to make sure devices can report security information and events by sending data to Azure Defender for IoT. Note: Download and deploy security agent from GitHub
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device must generate security logs and alerts. Device logs and alerts messages to Azure Security Center. Device must have the Azure Defender microagent running Configuration_Certification_Check must report TRUE in the module twin Validate alert messages from Azure Defender for IoT.
Resources	Azure Docs IoT Defender for IoT

---

Name	SecuredCore.Protection.Baselines
Status	Coming Soon June 2022
Description	The purpose of the test is to validate that the system conforms to a baseline security configuration.
Target Availability	2022
Requirements dependency	Azure Defender for IoT
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that Defender IOT system configurations benchmarks have been run.
Resources	https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines https://www.cisecurity.org/cis-benchmarks/

Windows IoT Policy Requirements

---

Some requirements of this program are based on a business agreement between your company and Microsoft. The following requirements are not validated through our test harness, but are required by your company in certifying the device.

---

Name	SecuredCore.Policy.Protection.Debug
Status	Required
Description	The purpose of the test is to validate that debug functionality on the device is disabled.
Target Availability	2022
Requirements dependency
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that debug functionality requires authorization to enable.
Resources

---

Name	SecuredCore.Policy.Manageability.Reset
Status	Required
Description	The purpose of this test is to validate the device against two use cases: a) Ability to perform a reset (remove user data, remove user configs), b) Restore device to last known good in the case of an update causing issues.
Target Availability	2022
Requirements dependency
Validation Type	Manual/Tools
Validation	Device to be validated through a combination of toolset and submitted documentation that the device supports this functionality. The device manufacturer can determine whether to implement these capabilities to support remote reset or only local reset.
Resources

---

Name	SecuredCore.Policy.Updates.Duration
Status	Required
Description	The purpose of this policy is to ensure that the device remains secure.
Target Availability	2022
Validation Type	Manual
Validation	Commitment from submission that devices certified will be required to keep devices up to date for 60 months from date of submission. Specifications available to the purchaser and devices itself in some manner should indicate the duration for which their software will be updated.
Resources

---

Name	SecuredCore.Policy.Vuln.Disclosure
Status	Required
Description	The purpose of this policy is to ensure that there is a mechanism for collecting and distributing reports of vulnerabilities in the product.
Target Availability	2022
Validation Type	Manual
Validation	Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Resources

---

Name	SecuredCore.Policy.Vuln.Fixes
Status	Required
Description	The purpose of this policy is to ensure that vulnerabilities that are high/critical (using CVSS 3.0) are addressed within 180 days of the fix being available.
Target Availability	2022
Validation Type	Manual
Validation	Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Resources

---

::: zone-end ::: zone pivot="platform-linux"

Linux OS Support

OS Support is determined through underlying requirements of Azure services and our ability to validate scenarios.

The Edge Secured-core program for Linux is enabled through the IoT Edge runtime which is supported based on Tier 1 and Tier 2 operating systems.

IoT Edge

Edge Secured-core validation on Linux based devices is executed through a container run on the IoT Edge runtime. For this reason, all devices that are certifying Edge Secured-core must have the IoT Edge runtime installed.

Linux Hardware/Firmware Requirements

Note

• Hardware must support TPM v2.0, SRTM, Secure-boot or UBoot.
• Firmware will be submitted to Microsoft for vulnerability and configuration evaluation.

---

Name	SecuredCore.Hardware.Identity
Status	Required
Description	The purpose of the test is to validate the device identify is rooted in hardware.
Target Availability	2022
Requirements dependency	TPM v2.0 device
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that the device has a TPM present and that it can be provisioned through DPS using TPM endorsement key.
Resources	Setup auto provisioning with DPS

---

Name	SecuredCore.Hardware.MemoryProtection
Status	Required
Description	The purpose of the test is to validate that DMA is not enabled on externally accessible ports.
Target Availability	2022
Validation Type	Manual/Tools
Validation	If DMA capable external ports exist on the device, toolset to validate that the IOMMU or SMMU is enabled and configured for those ports.
Resources

---

Name	SecuredCore.Firmware.Protection
Status	Required
Description	The purpose of the test is to ensure that device has adequate mitigations from Firmware security threats.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to confirm it is protected from firmware security threats through one of the following approaches: Approved FW that does SRTM + runtime firmware hardening Firmware scanning and evaluation by approved Microsoft 3rd party
Resources	https://trustedcomputinggroup.org/

---

Name	SecuredCore.Firmware.SecureBoot
Status	Required
Description	The purpose of the test is to validate the boot integrity of the device.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that firmware and kernel signatures are validated every time the device boots. UEFI: Secure boot is enabled Uboot: Verified boot is enabled
Resources

---

Name	SecuredCore.Firmware.Attestation
Status	Required
Description	The purpose of the test is to ensure the device can remotely attest to the Microsoft Azure Attestation service.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that platform boot logs and measurements of boot activity can be collected and remotely attested to the Microsoft Azure Attestation service.
Resources	Microsoft Azure Attestation

---

Name	SecuredCore.Hardware.SecureEnclave
Status	Optional
Description	The purpose of the test to validate the existence of a secure enclave and that the enclave is accessible from a secure agent.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure the Azure Security Agent can communicate with the secure enclave
Resources	https://github.com/openenclave/openenclave/blob/master/samples/BuildSamplesLinux.md

Linux Configuration Requirements

---

Name	SecuredCore.Encryption.Storage
Status	Required
Description	The purpose of the test to validate that sensitive data can be encrypted on non-volatile storage.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure storage encryption is enabled and default algorithm is XTS-AES, with key length 128 bits or higher.
Resources

---

Name	SecuredCore.Encryption.TLS
Status	Required
Description	The purpose of the test is to validate support for required TLS versions and cipher suites.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure the device supports a minimum TLS version of 1.2 and supports the following required TLS cipher suites. TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Resources	TLS support in IoT Hub

---

Name	SecuredCore.Protection.CodeIntegrity
Status	Required
Description	The purpose of this test is to validate that code integrity is available on this device.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that code integrity is enabled by validating dm-verity and IMA
Resources

---

Name	SecuredCore.Protection.NetworkServices
Status	Required
Description	The purpose of the test is to validate that applications accepting input from the network are not running with elevated privileges.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that services accepting network connections are not running with SYSTEM or root privileges.
Resources

Linux Software/Service Requirements

---

Name	SecuredCore.Built-in.Security
Status	Required
Description	The purpose of the test is to make sure devices can report security information and events by sending data to Azure Defender for IoT. Note: Download and deploy security agent from GitHub
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device must generate security logs and alerts. Device logs and alerts messages to Azure Security Center. Device must have the Azure Defender microagent running Configuration_Certification_Check must report TRUE in the module twin Validate alert messages from Azure Defender for IoT.
Resources	Azure Docs IoT Defender for IoT

---

Name	SecuredCore.Manageability.Configuration
Status	Required
Description	The purpose of the test is to validate the devices supports Remote administration via OSConfig.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure the device supports the ability to be remotely manageable and configured by OSConfig.
Resources

---

Name	SecuredCore.Update
Status	Audit
Description	The purpose of the test is to validate the device can receive and update its firmware and software.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Partner confirmation that they were able to send an update to the device through Azure Device update and other approved services.
Resources	Device Update for IoT Hub

---

Name	SecuredCore.Protection.Baselines
Status	Required
Description	The purpose of the test is to validate that the system conforms to a baseline security configuration.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that Defender IOT system configurations benchmarks have been run.
Resources	https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines https://www.cisecurity.org/cis-benchmarks/

---

Name	SecuredCore.Protection.SignedUpdates
Status	Required
Description	The purpose of the test is to validate that updates must be signed.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that updates to the operating system, drivers, application software, libraries, packages and firmware will not be applied unless properly signed and validated.
Resources

Linux Policy Requirements

---

Name	SecuredCore.Policy.Protection.Debug
Status	Required
Description	The purpose of the test is to validate that debug functionality on the device is disabled.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through toolset to ensure that debug functionality requires authorization to enable.
Resources

---

Name	SecuredCore.Policy.Manageability.Reset
Status	Required
Description	The purpose of this test is to validate the device against two use cases: a) Ability to perform a reset (remove user data, remove user configs), b) Restore device to last known good in the case of an update causing issues.
Target Availability	2022
Validation Type	Manual/Tools
Validation	Device to be validated through a combination of toolset and submitted documentation that the device supports this functionality. The device manufacturer can determine whether to implement these capabilities to support remote reset or only local reset.
Resources

---

Name	SecuredCore.Policy.Updates.Duration
Status	Required
Description	The purpose of this policy is to ensure that the device remains secure.
Target Availability	2022
Validation Type	Manual
Validation	Commitment from submission that devices certified will be required to keep devices up to date for 60 months from date of submission. Specifications available to the purchaser and devices itself in some manner should indicate the duration for which their software will be updated.
Resources

---

Name	SecuredCore.Policy.Vuln.Disclosure
Status	Required
Description	The purpose of this policy is to ensure that there is a mechanism for collecting and distributing reports of vulnerabilities in the product.
Target Availability	2022
Validation Type	Manual
Validation	Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Resources

---

Name	SecuredCore.Policy.Vuln.Fixes
Status	Required
Description	The purpose of this policy is to ensure that vulnerabilities that are high/critical (using CVSS 3.0) are addressed within 180 days of the fix being available.
Target Availability	2022
Validation Type	Manual
Validation	Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Resources

::: zone-end