Windows Security is a key part of modern Windows versions that provides protection from a lot of threats. For most of the time, if everything proceeds smoothly, Windows Security could shield the software and hardware of computers. Then again, many users have reported seeing a text that says “Standard hardware security not supported”. Read to the end if you come across the same text on your PC and have no idea what to do.
“Standard Hardware Security Not Supported”: Overview
To understand the concept of Standard hardware security not supported, you need to learn about the three types of protection in Device Security. Here is how you get to the Device Security menu:
- Step 1. Press Windows key + I to open Settings.
- Step 2. Go to Updates & Security.
- Step 3. Select the Windows Security page and click Open Windows Security.
- Step 4. Locate and hit Device Security.
Once opened, there should be one to three features displayed on the screen. Under normal circumstances, the Device Security menu will contain all three main features:
- Core Isolation: This feature isolates your computer’s operating system and device from all processes. Thus, it prevents suspicious programs from tampering with your OS and hardware. If you click on Core Isolation details, you will find an option to turn Memory Integrity option on or off. When turned on, Core Isolation can further protect your pc by preventing malicious codes from accessing high-security processes.
- Security Processor: This feature further encrypts your device using a Trusted Platform Module (TPM). Click on Security processor details to find information regarding your processor manufacturer and version numbers. It also contains the current status of the processor and a troubleshooter.
- Secure boot: Being a more specific feature, secure boot protects your computer from rootkits. A rootkit is a collection of malicious software used to gain access to otherwise restricted parts of a computer. Since rootkits use the same permission as the operating system and start before it, they can remain completely hidden from users. When enabled, secure boot will prevent rootkit from recording keystrokes, bypassing logins, transferring private data and so on.
What Might Have Gone Wrong
In the previous section, we went over the features of Device Security. In a couple of cases, “Standard hardware security not supported” will appear in place of the features. One possibility for the appearance of the text is one or more of the Device Security features are turned off. If all three features were on, the text would have said “Your device meets the requirements for standard hardware security”.
Note: You are using Windows 10 20H2 or newer? Then the “Your device has all Secured-core PC features enabled“ means System Management Mode (SMM) protection is enabled on top of the three aforementioned features.
Approaches To The Situation
Unlike what the message implies, most pre-built desktop PCs and laptops nowadays should meet the requirements for Device Security. Thus, the text is likely to appear on custom-made computers. Regardless of the specs, applying changes to BIOS settings will remove the text. Still, the process to configure BIOS settings may differ according to manufacturer designs, you should look up a guide for your personal model.
To enter the BIOS system configuration menu, you need to press one specific BIOS key assigned by your manufacturer (either F10, F2, F12, F1, or DEL) during the boot screen. If the screen goes away too quickly for your reaction, you can use Windows Advanced Startup Setting as an alternative. Go to Settings > Updates & Security > Recovery > Advanced startup and click Restart now.
Enable Platform Trust Technology
Once you’re in the BIOS configuration screen, the next step is to enable Platform Trust Technology. Regardless of whether your BIOS is from Intel(ITT) or any other brands(PTT), the procedure should be the same.
- Step 1. Expand Security.
- Step 2. Choose Advanced > System Setup.
- Step 3. Hit Enter on the Security Configuration option.
- Step 4. Select PTT to Enable it.
Your motherboard will now function as a TPM device. Hence, the Bitlocker should be automatically enabled, allowing access to the Security Processor feature.
Enable Secure Boot
Next, you need to return to the BIOS configuration screen and turn on Secure Boot. Needless to say, this step will enable the Secure Boot feature of Device Security. Do the following:
- Step 1. Expand Security page.
- Step 2. Change Secure Boot option to ON.
- Step 3. Select Install default Secure Boot keys.
- Step 4. Select Windows UEFI mode for OS type.
Once you’ve finished enabling both features, hit F10 (or the respective key according to your BIOS) to save settings and exit. Then reboot your computer and see how things turn out. If all went well, all three features under Device Security should now be in effect and the “Standard hardware security not supported” message will no longer be there.
Is It Necessary To Enable Security Options?
To keep your PC out of harm’s way, it is recommended to turn all of security options on. You can opt to toggle Memory integrity option under Core isolation to “disabled’ if you desire increased computer performance. Also, you may choose to ignore everything as doing so does not stop your computer from working in any way. Naturally, if you choose to leave them off, do so at your own risk.
How Do I Reach BIOS Configuration Menu If I Do Not Know My Computer’s Model?
Knowing the exact model name is helpful when you want to get to BIOS configuration menu but it’s not mandatory. As long as you are aware of the motherboard manufacturer, you should not have a problem looking up how to navigate the BIOS menu. The manufacturer’s company logo is always displayed on the first boot screen.
Is TPM Protection Reliable?
On its own, the TPM offers a decent amount of protection but it is by no means a complete defense. As a matter of fact, there have been reports of TPM defenses being breached in as quickly as 30 minutes. Hence, do not rely only on TPM to protect your computer. Use TPM alongside additional securities for the best results.