Enabling the Secured-Core Feature of Microsoft Windows Server 2022 on Lenovo ThinkSystem Servers

Secured-core is a new feature of Microsoft Windows Server 2022 that brings powerful threat protections together to provide multi-layer security across hardware, firmware, and the operating system. It uses the Trusted Platform Module 2.0 and System Guard to boot up Windows Server securely and minimize risks from firmware vulnerabilities.

To be certified for Secured-core, new server firmware protection features are required. Currently only ThinkSystem servers with 3rd Gen Intel Xeon Scalable processors and AMD EPYC 7003 Series processors are certified. The ThinkSystem servers with newer processors are also planned in the near future.

This document introduces Secured-core feature, and shows users how to enable it on supported Lenovo® ThinkSystem servers. This paper is intended for IT specialists and IT administrators who are familiar with security features of Windows Server and want to enable Secured-core on applicable Lenovo servers running Windows Server 2022.

Introduction
Supported Lenovo servers
Enabling Secured-core in UEFI
Platform-specific driver installation in Windows Server 2022 for AMD-based system
Enabling Secured-core in Windows Server 2022
Confirming Secured-core is enabled
Resources
Author

To view the document, click the Download PDF button.

Changes in the December 18, 2022 update:

• Updated the list of supported servers: “Supported Lenovo servers” on page 6
• Added information about UEFI settings for AMD servers
  • “Enabling Secured-core in UEFI for AMD-based 1-socket system” on page 8
  • “Enabling Secured-core in UEFI for AMD-based 2-socket system” on page 10
• Added Windows Server 2022 information for AMD systems: “Platform-specific driver installation in Windows Server 2022 for AMD-based system” on page 11

Related product families

Product families related to this document are the following:

• Microsoft Alliance
• Microsoft Windows