Five Must-Have Hardware components to get the most out of Windows 8 (and Windows Server 2012)

Project Planning for Windows 8 Magic

Windows 8 offers many new features compared to Windows XP, Windows Vista and even Windows 7. Some of these features are fantastic, but come with a top-of-the-bill hardware price tag. In this blogpost I’ll explain why you’ll need to scour the specifications of your hardware components for these five acronyms:

Note:
Of course, I’ll assume your systems fulfill the minimum system requirements for Windows 8, before you begin reading this blogpost.

 

UEFI 2.3.1

When picking a motherboard for a custom designed rig, or when going through the specifics of a proposed standard desktop / laptop, be sure to check for the presence of Unified Extensible Firmware Interface (UEFI) 2.3.1.

UEFI replaces BIOS. Version 2.3.1 is the latest specification and provides the extended functionality that Microsoft hooks into with the following Windows 8 features:

Fast boot and resume

Microsoft advertises Windows 8 and Windows RT with 2-second resumes. To achieve these times, a Windows 8 installation is put into a low-powered, interrupt-optimized state that can only be achieved when the system comes with UEFI.

SecureBoot

The UEFI secure boot protocol is a technology that allows firmware to validate the authenticity of components to reduce the risk of boot loader attacks. It uses a Public Key Infrastructure (PKI) process to verify the integrity of the Windows boot loader, preventing malware from infecting the system before the operating system loads.

Secure boot has been available since the 2.2 specification of UEFI, but Windows 8 supports SecureBoot only on systems with UEFI v2.3.1 errata B.

BitLocker Network Unlock

A new feature in BitLocker Drive Encryption in Windows 8 is BitLocker Network Unlock. This feature automatically unlocks the Operating System drive when a Windows 8 Pro or Windows 8 Enterprise machine is booted while connected to the corporate network. This keeps desktops secure without burdening the user with security protocol.

This feature requires the client hardware to have a DHCP driver implemented in its UEFI 2.3.1 firmware. To properly support DHCP within UEFI, the UEFI-based system should be in native mode without a BIOS Compatibility Mode or Legacy Mode enabled.

Note:
As of November 2012, only systems with Intel’s 3rd generation Core processors are capable of BitLocker Network Unlock.

Other benefits of UEFI

As an added benefit, when a system comes equipped with UEFI 2.3.1, it is capable of booting from disks that are larger than 2 Tebibytes (2TiB).

From a security point of view, most UEFI

 

TPM 1.2

Windows 8 Pro and Windows 8 Enterprise offer built-in drive encryption functionality under the BitLocker moniker. It consists of BitLocker Drive Encryption (BDE) and BitLocker-to-Go. The first technology offers AES-based encryption of fixed disks, including the Operating System drive. The latter offers AES-based encryption of removable drives, such as USB sticks.

A hardware specification to look for when using BitLocker Drive Encryption is a TPM v1.2+ chip, since this allows for storing the Storage Root Key (SRK). Without a suitable TPM chip, you will need to store this key on USB media and insert the media each time you want to unlock (read: boot). Also, you won’t be able to use a smart card or OTP-based token solution with BitLocker Drive Encryption when no suitable TPM chip is available or enabled.

 

AES-ni

When you use BitLocker Drive Encryption, system performance is slightly impacted, since data on drives needs to be decrypted on the fly. Intel has developed the AES New Instructions (AES-ni) technology to allow processors to decrypt AES-based encrypted data more efficiently. Both Intel and AMD offer this technology in their current processors and Microsoft has made sure BitLocker can take advantage of it.

BitLocker-to-Go has no hardware requirements, although this technology benefits from processors with AES-ni in much the same way BitLocker Drive Encryption does.

When purchasing new PCs on which you want to take full advantage of BitLocker, be sure to check whether the processor supports AES-ni. In a recent comparison by Intel (whitepaper), a test setup with AES-ni enabled provides 3 to 7 times more disk speed when encrypting and decrypting files with AES.

In a more real-life test, Anandtech compared the PCMark Vantage HDD scores of BitLocker-encrypted drives with and without AES-ni. In their test, BitLocker Drive Encryption on a system with AES-ni enabled resulted in a 17% performance loss. In contrast, on the non-AES-ni enabled system, the performance loss was 30%.

 

SLAT

In previous versions of Windows, Virtual PC was available to run Virtual Machines. Many people also used VMware’s Workstation and Oracle’s VirtualBox for the same functionality. Windows 8 Pro and Windows 8 Enterprise come with Hyper-V, which shares a lot of features with Hyper-V in Windows Server 2012 and Hyper-V Server 2012.

In Windows 8, the Hyper-V feature requires a processor with Second Level Address Translation (SLAT). In Intel processors, this feature is called EPT. AMD labeled this feature NPT in its marketing materials.

 

USB 3.0

Windows 8 and Windows Server 2012 are the first Microsoft Operating Systems that support USB (Universal Serial Bus) 3.0. USB has been around on commercially available computer systems since 1996 (remember the Compaq Deskpro 2000 series?) and has seen many improvements over the years. Most of these improvements were bandwidth related.

The newest USB standard is version 3.0. It theoretically offers 5GBit/s transfer speeds, in contrast to the 480Mbit/s theoretical speed of USB 2.0 (resulting in a 35MB/s speed). In real life scenarios, you can transfer data between your computer and a USB 3.0 device at 400MB/s. These speeds are in the same league as recent generations of Solid State Disks, meaning USB will no longer be the bottleneck.

If you want to use a removable USB drive as your means to boot Windows 8, for instance when using Windows-to-Go, you’ll prefer to use a USB 3.0 device, together with USB 3.0 ports on your Windows 8 computer.

 

Still in doubt?

If, after reading the above five points, you’re still in doubt whether your system will be able to run Windows 8, use the free Microsoft Windows 8 Upgrade Advisor.

This tool can be used to scan your hardware, applications and connected devices to see if they’ll work with Windows 8. It provides a full human-readable compatibility report at the end. Also, it will check your hardware to see if it supports certain Windows 8 features, like Windows Snap, SecureBoot and multitouch on a reference computer:

[Screenshot: Windows 8 Upgrade Assistant Compatibility Details screen]
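A scripted check for three of the items above (native UEFI boot with Secure Boot, TPM specification version, SLAT), as an added example that is not part of the original post. It assumes an elevated PowerShell 3.0 or later session on Windows 8 or Windows Server 2012; the function name and the report field names are made up for illustration. AES-ni is left out because the WMI classes used here do not report it.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
function Get-Win8HardwareReadiness {
    $r = [ordered]@{}

    # UEFI + Secure Boot: Confirm-SecureBootUEFI returns $true/$false on a
    # native UEFI boot and raises an error on a legacy BIOS or
    # compatibility-mode boot (or when the session is not elevated).
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) {
            $r.SecureBoot = 'UEFI boot, Secure Boot enabled'
        } else {
            $r.SecureBoot = 'UEFI boot, Secure Boot disabled'
        }
    } catch {
        $r.SecureBoot = "Not confirmed: $($_.Exception.Message)"
    }

    # TPM: SpecVersion is a string such as "1.2, 2, 3"; the first field is
    # the specification version that BitLocker cares about.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $spec = ($tpm.SpecVersion -split ',')[0].Trim()
        $v = $null
        $r.TpmSpecVersion = $spec
        $r.TpmAtLeast12   = ([version]::TryParse($spec, [ref]$v)) -and ($v -ge [version]'1.2')
        $r.TpmEnabled     = $tpm.IsEnabled_InitialValue
        $r.TpmActivated   = $tpm.IsActivated_InitialValue
    } else {
        $r.TpmSpecVersion = 'No TPM visible to Windows (absent or disabled in firmware)'
    }

    # SLAT: once a hypervisor is running, the processor's virtualization
    # properties may no longer reflect the hardware, so report that instead.
    $cs  = Get-WmiObject -Class Win32_ComputerSystem
    $cpu = Get-WmiObject -Class Win32_Processor | Select-Object -First 1
    if ($cs.HypervisorPresent) {
        $r.Slat = 'Hypervisor already running; check before enabling Hyper-V'
    } else {
        $r.Slat                     = $cpu.SecondLevelAddressTranslationExtensions
        $r.VirtualizationInFirmware = $cpu.VirtualizationFirmwareEnabled
    }

    New-Object -TypeName psobject -Property $r
}

Get-Win8HardwareReadiness | Format-List
```

A `SecureBoot` value of "Not confirmed" on hardware that advertises UEFI usually means the firmware is booting in BIOS Compatibility or Legacy Mode, the same condition that rules out BitLocker Network Unlock.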

