QueryHardwareSecurity

A work-in-progress utility to query Windows support for security features and mitigations with hardware dependencies.

• Requirements
• Resources
  • Microsoft
  • CPU vendors
  • Miscellaneous
• Glossary
  • General
  • Firmware
  • Processor features
  • Processor vulnerabilities
  • Windows features
• License

Requirements

• Windows 7 or Server 2008 R2 (or newer)
• Windows PowerShell 3.0 (or newer)
  Built-in since Windows 8 and Server 2012
• Supported .NET runtime
  • .NET Framework 4.6.2 (or newer)
    Built-in since Windows 10 1607 and Server 2016
  • .NET 6.0 (or newer)

Resources

Microsoft

• KB4072698: Windows Server guidance to protect against speculative execution side-channel vulnerabilities
• KB4073119: Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities
• KB4073757: Protect your Windows devices against speculative execution side-channel attacks
• KB4457951: Windows guidance to protect against speculative execution side-channel vulnerabilities

CPU vendors

• AMD Product Security
• ARM Security Updates

Miscellaneous

• Transient Execution Attacks

Glossary

General

• DMA
  Direct Memory Access
• MMIO
  Memory-mapped I/O
• PTE
  Page Table Entry
• SMM
  System Management Mode
• TPM
  Trusted Platform Module
• VA
  Virtual Address
• VMM
  Virtual Machine Monitor

Firmware

• BIOS
  Basic Input/Output System
• MOR
  Memory Overwrite Request Control
• PCR
  Platform Configuration Register
• UEFI
  Unified Extensible Firmware Interface

Processor features

• APIC
  Advanced Programmable Interrupt Controller
• AVIC
  Advanced Virtual Interrupt Controller
• CET
  Control-Flow Enforcement Technology
• IBRS
  Indirect Branch Restricted Speculation
  • EIBRS
    Enhanced IBRS
• INVPCID
  Invalidate Process-Context Identifier
• MBE
  Mode-Based Execution Control
• NX
  No-execute
• PCID
  Process-Context Identifiers
• SMEP
  Supervisor Mode Execution Protection
• SSBD
  Speculative Store Bypass Disable
• STIBP
  Single Thread Indirect Branch Predictor
• TSX
  Transactional Synchronization Extensions
  • HLE
    Hardware Lock Elision
  • RTM
    Restricted Transactional Memory

Processor vulnerabilities

• Spectre
  • BCB
    Bounds Check Bypass
  • BCBS
    Bounds Check Bypass Store
  • BTI
    Branch Target Injection
  • RDCL
    Rogue Data Cache Load
  • RSRR
    Rogue System Register Read
  • SSB
    Speculative Store Bypass
• Foreshadow
  • L1TF
    L1 (Level 1 Data Cache) Terminal Fault
• MDS
  Microarchitectural Data Sampling
  • L1DES
    L1D Eviction Sampling
  • MDSUM
    Microarchitectural Data Sampling Uncacheable Memory
  • MFBDS
    Microarchitectural Fill Buffer Data Sampling
  • MLPDS
    Microarchitectural Load Port Data Sampling
  • MSBDS
    Microarchitectural Store Buffer Data Sampling
  • TAA
    TSX Asynchronous Abort
  • VRS
    Vector Register Sampling
• MMIO Stale Data
  Memory-mapped I/O Stale Data
  • DRPW
    Device Register Partial Write
  • SBDR
    Shared Buffers Data Read
  • SBDS
    Shared Buffers Data Sampling
  • SRBDS Update
    Special Register Buffer Data Sampling Update

Windows features

• HVCI
  Hypervisor-protected code integrity
• KMCI
  Kernel Mode Code Integrity
• UMCI
  User Mode Code Integrity
• VSM
  Virtual Secure Mode
• WSMT
  Windows SMM Security Mitigations Table

License

All content is licensed under the terms of The MIT License.