Microsoft Releases Windows 11 24H2 TPM Tool for Diagnosing Hardware and Firmware Problems

Microsoft Updates Windows 11 24H2 Compatibilities

Microsoft has recently lifted compatibility restrictions on the Windows 11 24H2 feature update, now making it accessible for those previously affected by the blocks. This change signals a significant enhancement in the rollout of Windows 11 updates.

Introduction of the Attestation Readiness Verifier Tool

In conjunction with the update, Microsoft has introduced a new tool known as the “Attestation Readiness Verifier Tool.” This utility has been designed to assist users in identifying potential compatibility, security, and reliability issues concerning their hardware and firmware.

This tool empowers users to assess the readiness of their Trusted Platform Module (TPM) attestation, providing valuable insights through enhanced information available in the Event Viewer after each system boot.

Understanding the Event Viewer

The Windows Event Viewer is an essential utility that logs numerous “events” related to applications and drivers on your PC, serving as a crucial asset for troubleshooting various issues. Microsoft advocates for its use to facilitate the resolution of potential problems.

Health States Indicated by the Attestation Readiness Verifier

According to Microsoft, the Attestation Readiness Verifier will report one of three possible health states, which can be viewed in the Event Viewer during each boot and when resuming from hibernation:

Attestation readiness verifier indicates three possible health states. You’ll find them in the Event Viewer Log at every boot and hibernate–resume, as follows:

  • Attestable: All checks passed. Attestation is expected to report an accurate state.
  • Possibly attestable: A platform configuration register (PCR) issue was detected during boot. PCRs, updated by components like UEFI firmware and securely stored in the TPM, are crucial for the operation of security features such as BitLocker. If you encounter this state, try restarting your device. If the issue persists, support from your device or UEFI vendor may be required.
  • Not attestable: A critical check has failed, indicating the device has booted in an unhealthy state.

For a comprehensive guide on using the Attestation Readiness Verifier Tool, refer to Microsoft’s detailed blog post.

Recent Developments in Hardware-backed Attestation

This release comes shortly after Microsoft enhanced hardware-backed attestation for Windows 11 on Intune. Under Microsoft 365’s roadmap entry ID 387499, Microsoft describes the new feature:

Microsoft Intune: Hardware backed attestation – enhanced for Windows 11

This enhancement aims to bolster the device health compliance policy for Windows 11 by incorporating five additional hardware attestation settings tailored specifically for the operating system. It employs sophisticated security measures such as Memory Integrity, Access Protection, firmware protection, virtualization-based security, and Early Launch Antimalware protection.

The Role of TPM Attestation

For those curious, TPM attestation operates similarly to UEFI Secure Boot. The primary distinction lies in their functionalities: while Secure Boot verifies secure bootloaders, TPM attestation confirms TPM authenticity by ensuring that the RSA (Rivest, Shamir, Adleman) keys associated with the TPM are trusted by a Certificate Authority (CA).
