Edge Secured-core is an incremental certification in the Azure Certified Device program for IoT devices running a full operating system, such as Linux, Windows 10 IoT or Azure Sphere OS. This program enables device partners to differentiate their devices by meeting an additional set of security criteria. Devices meeting these criteria enable these promises:
Hardware-based device identity
Capable of enforcing system integrity
Stays up to date and is remotely manageable
Provides data at-rest protection
Provides data in-transit protection
Built-in security agent and hardening
Windows IoT OS Support
Edge Secured-core for Windows IoT requires Windows 10 IoT Enterprise version 1903 or greater
The Windows secured-core tests require you to download and run the following package (https://aka.ms/Scforwiniot) from an Administrator Command Prompt on the IoT device being validated.
Windows IoT Hardware/Firmware Requirements
Note
Hardware must support and have the following enabled:
Intel or AMD virtualization extensions
Trusted Platform Module (TPM) 2.0
For Intel systems: Intel Virtualization Technology for Directed I/O (VT-d), Intel Trusted Execution Technology (TXT), and SINIT ACM driver package must be included in the Windows system image (for DRTM)
For AMD systems: AMD IOMMU and AMD-V virtualization, and SKINIT package must be integrated in the Windows system image (for DRTM)
Kernel DMA Protection (also known as Memory Access Protection)
Name
SecuredCore.Hardware.Identity
x86/AMD64
Arm64
Status
Required
2023
2024
Description
The purpose of the requirement is to validate the device identity is rooted in hardware and can be the primary authentication method with Azure IoT Hub Device Provisioning Service (DPS).
Requirements dependency
TPM v2.0 device
Validation Type
Manual/Tools
Validation
Devices are enrolled to DPS using the TPM authentication mechanism during testing.
The purpose of the requirement is to validate that DMA isn't enabled on externally accessible ports.
Requirements dependency
Only if DMA capable ports exist
Validation Type
Manual/Tools
Validation
If DMA-capable external ports exist on the device, the toolset validates that the IOMMU or SMMU is enabled and configured for those ports.
Name
SecuredCore.Firmware.Protection
x86/AMD64
Arm64
Status
Required
2023
2024
Description
The purpose of the requirement is to ensure that the device has adequate mitigations against firmware security threats.
Requirements dependency
DRTM + UEFI
Validation Type
Manual/Tools
Validation
Device to be validated through Edge Secured-core Agent toolset to confirm it's protected from firmware security threats through one of the following approaches:
The purpose of the requirement is to validate the boot integrity of the device.
Requirements dependency
UEFI
Validation Type
Manual/Tools
Validation
Device to be validated through Edge Secured-core Agent toolset to ensure that firmware and kernel signatures are validated every time the device boots.
UEFI: Secure boot is enabled
Name
SecuredCore.Firmware.Attestation
x86/AMD64
Arm64
Status
Required
2023
2024
Description
The purpose of the requirement is to ensure the device can remotely attest to the Microsoft Azure Attestation service.
Requirements dependency
Azure Attestation Service
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that platform boot logs and measurements of boot activity can be collected and remotely attested to the Microsoft Azure Attestation service.
The purpose of the requirement is to validate that sensitive data can be encrypted on nonvolatile storage.
Validation Type
Manual/Tools
Validation
Device to be validated through Edge Secured-core Agent toolset to ensure Secure Boot and BitLocker are enabled and bound to PCR7.
Name
SecuredCore.Encryption.TLS
x86/AMD64
Arm64
Status
Required
2023
2024
Description
The purpose of the requirement is to validate support for required TLS versions and cipher suites.
Requirements dependency
Windows 10 IoT Enterprise Version 1903 or greater. Note: other requirements may require greater versions for other services.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure the device supports a minimum TLS version of 1.2 and supports the following required TLS cipher suites.
The purpose of the requirement is to validate that services listening for input from the network aren't running with elevated privileges.
Validation Type
Manual/Tools
Validation
Device to be validated through Edge Secured-core Agent toolset to ensure that third-party services accepting network connections aren't running with elevated LocalSystem and LocalService privileges.
Exceptions may apply
Windows IoT Software/Service Requirements
Name
SecuredCore.Built-in.Security
x86/AMD64
Arm64
Status
Required
Future
Future
Description
The purpose of the requirement is to make sure devices can report security information and events by sending data to Azure Defender for IoT. Note: Download and deploy security agent from GitHub
Target Availability
2022
Validation Type
Manual/Tools
Validation
Device must generate security logs and alerts. Device sends log and alert messages to Azure Security Center.
Device must have the Azure Defender microagent running
Configuration_Certification_Check must report TRUE in the module twin
Validate alert messages from Azure Defender for IoT.
Some requirements of this program are based on a business agreement between your company and Microsoft. The following requirements aren't validated through our test harness, but are required by your company in certifying the device.
Name
SecuredCore.Policy.Protection.Debug
Status
Required
Description
The purpose of the requirement is to validate that debug functionality on the device is disabled.
Requirements dependency
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that debug functionality requires authorization to enable.
Name
SecuredCore.Policy.Manageability.Reset
Status
Required
Description
The purpose of this requirement is to validate the device against two use cases: a) Ability to perform a reset (remove user data, remove user configs), b) Restore device to last known good in the case of an update causing issues.
Requirements dependency
Validation Type
Manual/Tools
Validation
Device to be validated through a combination of toolset and submitted documentation that the device supports this functionality. The device manufacturer can determine whether to implement these capabilities to support remote reset or only local reset.
Name
SecuredCore.Policy.Updates.Duration
Status
Required
Description
The purpose of this policy is to ensure that the device remains secure.
Validation Type
Manual
Validation
Commitment from submission that devices certified can be kept up to date for 60 months from date of submission. Specifications available to the purchaser and the device itself in some manner should indicate the duration for which their software will be updated.
Name
SecuredCore.Policy.Vuln.Disclosure
Status
Required
Description
The purpose of this policy is to ensure that there's a mechanism for collecting and distributing reports of vulnerabilities in the product.
Validation Type
Manual
Validation
Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Name
SecuredCore.Policy.Vuln.Fixes
Status
Required
Description
The purpose of this policy is to ensure that vulnerabilities that are high/critical (using CVSS 3.0) are addressed within 180 days of the fix being available.
Validation Type
Manual
Validation
Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Linux OS Support
OS Support is determined through underlying requirements of Azure services and our ability to validate scenarios.
The Edge Secured-core program for Linux is enabled through the IoT Edge runtime, which is supported based on Tier 1 and Tier 2 operating systems.
IoT Edge
Edge Secured-core validation on Linux based devices is executed through a container run on the IoT Edge runtime. For this reason, all devices that are certifying Edge Secured-core must have the IoT Edge runtime installed.
Linux Hardware/Firmware Requirements
Note
Hardware must support TPM v2.0, SRTM, Secure Boot or U-Boot.
Firmware will be submitted to Microsoft for vulnerability and configuration evaluation.
Name
SecuredCore.Hardware.Identity
x86/AMD64
Arm64
Status
Required
2023
2023
Description
The purpose of the requirement is to validate the device identity is rooted in hardware.
Requirements dependency
TPM v2.0 device
TPM v2.0 or *other supported method
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that the device has a HWRoT present and that it can be provisioned through DPS using TPM or SE.
The purpose of the requirement is to validate the boot integrity of the device.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that firmware and kernel signatures are validated every time the device boots.
UEFI: Secure boot is enabled
U-Boot: Verified boot is enabled
Name
SecuredCore.Firmware.Attestation
x86/AMD64
Arm64
Status
Required
2023
2023
Description
The purpose of the requirement is to ensure the device can remotely attest to the Microsoft Azure Attestation service.
Dependency
TPM 2.0
TPM 2.0 or *supported OP-TEE based application chained to a HWRoT (Secure Element or Secure Enclave)
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that platform boot logs and applicable runtime measurements can be collected and remotely attested to the Microsoft Azure Attestation service.
Resources
Microsoft Azure Attestation Certification portal test includes an attestation client that when combined with the TPM 2.0 can validate the Microsoft Azure Attestation service.
Name
SecuredCore.Hardware.SecureEnclave
x86/AMD64
Arm64
Status
Required
Future
Future
Description
The purpose of the requirement is to validate the existence of a secure enclave and that the enclave can be used for security functions.
Validation Type
Manual/Tools
Validation
Linux Configuration Requirements
Name
SecuredCore.Encryption.Storage
x86/AMD64
Arm64
Status
Required
2023
2023
Description
The purpose of the requirement is to validate that sensitive data can be encrypted on nonvolatile storage.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure storage encryption is enabled and default algorithm is XTS-AES, with key length 128 bits or higher.
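An added example, not part of the certification toolset or of the original page: one way a device builder could pre-check the XTS-AES criterion above on a dm-crypt/LUKS volume by parsing `cryptsetup status` output. The mapping name `data`, the sample output, and the reading of "key length" as the AES key size (half of the XTS volume key that dm-crypt reports) are assumptions.

```python
import re

# Constructed sample of `cryptsetup status data` output (not from a real device).
SAMPLE_STATUS = """\
/dev/mapper/data is active and is in use.
  type:    LUKS2
  cipher:  aes-xts-plain64
  keysize: 256 bits
  key location: keyring
  device:  /dev/mmcblk0p3
  sector size:  512
  offset:  32768 sectors
  size:    15237120 sectors
  mode:    read/write
"""


def parse_status(text):
    """Return the indented 'name: value' fields of `cryptsetup status` as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+([a-z ]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def check_storage_encryption(text, min_aes_bits=128):
    """Return (ok, reason) for the XTS-AES / minimum key length criterion."""
    fields = parse_status(text)
    if not fields:
        return False, "mapping is inactive or output not recognised"
    cipher = fields.get("cipher", "")
    parts = cipher.split("-")
    if parts[:2] != ["aes", "xts"]:
        return False, f"cipher is '{cipher}', expected aes-xts-*"
    m = re.match(r"(\d+) bits$", fields.get("keysize", ""))
    if not m:
        return False, "keysize field missing"
    # XTS splits the volume key into a data key and a tweak key, so the
    # AES key size is half of what dm-crypt reports (256 bits -> AES-128).
    aes_bits = int(m.group(1)) // 2
    if aes_bits < min_aes_bits:
        return False, f"AES key is {aes_bits} bits, below {min_aes_bits}"
    return True, f"aes-xts with {aes_bits}-bit AES key"


if __name__ == "__main__":
    import subprocess, sys
    # Hypothetical mapping name; pass the real one as the first argument.
    name = sys.argv[1] if len(sys.argv) > 1 else "data"
    out = subprocess.run(["cryptsetup", "status", name],
                         capture_output=True, text=True).stdout
    print(check_storage_encryption(out))
```

Under this reading a default `aes-xts-plain64` volume with a 256-bit key passes at exactly AES-128, while a CBC-mode volume fails regardless of key size.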
Name
SecuredCore.Encryption.TLS
x86/AMD64
Arm64
Status
Required
2023
2023
Description
The purpose of the requirement is to validate support for required TLS versions and cipher suites.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure the device supports a minimum TLS version of 1.2 and supports the following required TLS cipher suites.
The purpose of the requirement is to validate that the device supports auditing and setting of system configuration (and certain management actions such as reboot) through Azure.
Dependency
azure-osconfig
Validation Type
Manual/Tools
Validation
Device must report, via IoT Hub, its firewall state, firewall fingerprint, IP addresses, network adapter state, host name, hosts file, TPM (absence, or presence with version) and package manager sources (see What can I manage)
Device must accept the creation, via IoT Hub, of a default firewall policy (accept vs drop), and at least one firewall rule, with positive remote acknowledgment (see configurationStatus)
Device must accept the replacement of /etc/hosts file contents via IoT Hub, with positive remote acknowledgment (see https://learn.microsoft.com/en-us/azure/osconfig/howto-hosts?tabs=portal#the-object-model )
Device must accept and implement, via IoT Hub, remote reboot
Note: Use of other system management toolchains (for example, Ansible) by operators is not prohibited, but the device must include the azure-osconfig agent such that it's ready to be managed from Azure.
Name
SecuredCore.Update
x86/AMD64
Arm64
Status
Audit
2023
2023
Description
The purpose of the requirement is to validate the device can receive and update its firmware and software.
Validation Type
Manual/Tools
Validation
Partner confirmation that they were able to send an update to the device through Azure Device Update and other approved services.
The purpose of the requirement is to validate that updates must be signed.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that updates to the operating system, drivers, application software, libraries, packages and firmware won't be applied unless properly signed and validated.
Linux Policy Requirements
Name
SecuredCore.Policy.Protection.Debug
Status
Required
Description
The purpose of the requirement is to validate that debug functionality on the device is disabled.
Validation Type
Manual/Tools
Validation
Device to be validated through toolset to ensure that debug functionality requires authorization to enable.
Name
SecuredCore.Policy.Manageability.Reset
Status
Required
Description
The purpose of this requirement is to validate the device against two use cases: a) Ability to perform a reset (remove user data, remove user configs), b) Restore device to last known good if an update causes issues.
Validation Type
Manual/Tools
Validation
Device to be validated through a combination of toolset and submitted documentation that the device supports this functionality. The device manufacturer can determine whether to implement these capabilities to support remote reset or only local reset.
Name
SecuredCore.Policy.Updates.Duration
Status
Required
Description
The purpose of this policy is to ensure that the device remains secure.
Validation Type
Manual
Validation
Commitment from submission that devices certified will be required to keep devices up to date for 60 months from date of submission. Specifications available to the purchaser and the device itself in some manner should indicate the duration for which their software will be updated.
Name
SecuredCore.Policy.Vuln.Disclosure
Status
Required
Description
The purpose of this policy is to ensure that there's a mechanism for collecting and distributing reports of vulnerabilities in the product.
Validation Type
Manual
Validation
Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Name
SecuredCore.Policy.Vuln.Fixes
Status
Required
Description
The purpose of this policy is to ensure that vulnerabilities that are high/critical (using CVSS 3.0) are addressed within 180 days of the fix being available.
Validation Type
Manual
Validation
Documentation on the process for submitting and receiving vulnerability reports for the certified devices will be reviewed.
Azure Sphere platform Support
The MediaTek MT3620AN must be included in your design. Additional guidance for building secured Azure Sphere applications can be found within the Azure Sphere application notes.
Azure Sphere Hardware/Firmware Requirements
Name
SecuredCore.Hardware.Identity
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to validate the device identity is rooted in hardware.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Hardware.MemoryProtection
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to ensure that memory integrity helps protect the device from vulnerable peripherals.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Firmware.Protection
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to ensure that the device has adequate mitigations against firmware security threats.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Firmware.SecureBoot
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to validate the boot integrity of the device.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Firmware.Attestation
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to ensure the device can remotely attest to a Microsoft Azure Attestation service.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Hardware.SecureEnclave
Azure Sphere
Status
Required
2023
Description
The purpose of this requirement is to validate hardware security that is accessible from a secure operating system.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Azure Sphere OS Configuration Requirements
Name
SecuredCore.Encryption.Storage
Azure Sphere
Status
Required
2023
Description
The purpose of this requirement is to validate that sensitive data can be encrypted on nonvolatile storage.
Validation Type
Prevalidated, no additional validation is required
The purpose of this requirement is to validate the device supports remote administration via service-based configuration control.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Update
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to validate the device can receive and update its firmware and software.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Protection.Baselines
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to validate that the system conforms to a baseline security configuration.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Protection.SignedUpdates
Azure Sphere
Status
Required
2023
Description
The purpose of the requirement is to validate that updates must be signed.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Azure Sphere Policy Requirements
Name
SecuredCore.Policy.Protection.Debug
Status
Required
Description
The policy requires that debug functionality on the device is disabled.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Policy.Manageability.Reset
Status
Required
Description
The policy requires that the device can execute two use cases: a) Ability to perform a reset (remove user data, remove user configurations), b) Restore device to last known good in the case of an update causing issues.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Policy.Updates.Duration
Status
Required
Description
The purpose of this policy is to ensure that the device remains secure.
Validation Type
Prevalidated, no additional validation is required
Validation
Provided by Microsoft
Name
SecuredCore.Policy.Vuln.Disclosure
Status
Required
Description
The purpose of this policy is to ensure that there's a mechanism for collecting and distributing reports of vulnerabilities in the product.
Validation Type
Prevalidated, no additional validation is required
Validation
Azure Sphere vulnerabilities are collected by Microsoft through MSRC and are published to customers through the Tech Community Blog, Azure Sphere “What’s New” page, and through MITRE’s CVE database.
The purpose of this policy is to ensure that vulnerabilities that are high/critical (using CVSS 3.0) are addressed within 180 days of the fix being available.
Validation Type
Prevalidated, no additional validation is required