Module Name
Secure Kernel Code Integrity
Caveat
When operated in FIPS mode with module Windows OS Loader validated to FIPS 140-2 under Cert. #4545 operating in FIPS mode
Security Level Exceptions
- Physical Security: N/A
- Design Assurance: Level 2
Embodiment
Multi-Chip Stand Alone
Description
Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed.
Tested Configuration(s)
- Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R640 Server with an Intel Xeon Gold 6230
- Windows Server 2019 Datacenter Core (x64) running on a Dell PowerEdge R840 Server with an Intel Xeon Platinum 8260
- Windows Server 2019 Datacenter Core (x64) running on a Dell XR2 with an Intel Xeon Silver 4114
- Windows Server 2019 Datacenter Core (x64) running on a Rugged Mobile Appliance with an Intel Xeon D-1559 (single-user mode)
Software Versions
10.0.17763.10021 and 10.0.17763.10127