diff --git a/hololens/security-hardware-backed-integrity.md b/hololens/security-hardware-backed-integrity.md index 73b01c88..706404fe 100644 --- a/hololens/security-hardware-backed-integrity.md +++ b/hololens/security-hardware-backed-integrity.md 
@@ -34,19 +34,6 @@ The goal of most cyberattacks is to maintain persistent access to a device. For In fact, targeted attacks are considered “advanced persistent threats”, due to their strategic need to maintain access to a target device or network. For this reason, Windows Holographic for Business considers defending against persistence absolutely crucial and uses anti-persistence technology to make an ironclad customer security promise. -### Secure boot - -HoloLens 2 enforces Unified Extensible Firmware Interface (UEFI) Secure Boot on all core operating system state. UEFI only boots Microsoft trusted platforms, which ensures that the entire boot chain is verified for integrity, and that Windows always boots with the correct security policies applied to it. HoloLens 2 does not Secure Boot to be turned off, nor does it allow 3rd party boot loaders. - -> [!Tip] -> Learn more about [Secure boot](/windows-hardware/design/device-experiences/oem-secure-boot). - -### Windows Anti-Persistence Assurance - -HoloLens 2 anti-persistence guarantees its users that even in the rare situation that a runtime compromise of the system were to ever occur – such as a remote exploit – such an event would be mitigated with all malicious code removed from the system simply by powering off the device. To further strengthen its anti-persistence, HoloLens 2 has added powerful integrity protection, and put read-only protections in place. - -Persistence to operating system data in form of data is still possible, unless the user performs Push-button reset (PBR) of the device that wipes all mutable partitions. While persistence to immutable partitions is made much harder, the user needs to PBR the HoloLens 2 to remove any possible threat-persistence from mutable parts. - ## Code integrity protection Code integrity (CI) is a key security property of a modern operating system. 
Enforcing CI enables sound security decisions, because it guarantees the provenance of code is transparent to both the user and operating system. Complete code integrity needs to extend past binary image signing and include runtime enforcement, such as control flow integrity and dynamic code restrictions. CI is critical to preventing multiple classes of attacks including socially engineered malware, such as ransomware, remote code execution exploits, and various other attack classes.
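Review bot: Removing the "### Secure boot" and "### Windows Anti-Persistence Assurance" subsections leaves the retained context paragraph, which ends "uses anti-persistence technology to make an ironclad customer security promise", running straight into "## Code integrity protection". The page then promises anti-persistence without describing what provides it. If this content moved to another page, link to it from that paragraph. If it is being dropped, reword the paragraph so it no longer refers to technology the page does not describe. The deleted lines also carry the caveat that data on mutable partitions persists until the user performs a Push-button reset, and that guidance should stay somewhere readers will find it. If the text is relocated rather than deleted, fix "does not Secure Boot to be turned off" (missing "allow") in the new location.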