WinHEC Content Creation Principles - sec.ch9.ms
Platform Convergence Journey
Windows Embedded Handheld 6.5
Windows Embedded 8 Handheld
Windows Embedded 8.1 Handheld
Windows Embedded 8
Windows on Devices
Windows Embedded Standard 8
Windows Embedded 8.1
Converged OS kernel
Converged app model
Windows Embedded Standard 7
Windows Embedded Compact 7
Windows 10
Windows Embedded Compact 2013
Porting Tools
• Converged APIs, write ONE Universal App (or Driver) and target all Windows 10 editions
Languages
• C++/CX
• C#, VB
• JS
• Python
• Node.js
APIs
• WinRT
• Win32
• .NET
Deployment and Execution
• APPX
• App Isolation
UI Frameworks
• HTML
• XAML
• DirectX
Tools
• Visual Studio
• PowerShell
• SSH
Time zone, System Locale and Wi-Fi connection management
GPIO, I2C, SPI and easy access to custom hardware
http://channel9.msdn.com/Events/Build/BUILD2011/HW-747T
Full control for your device, free of standard Process Lifecycle Management
Affordable, off the shelf boards:
www.windowsondevices.com
Boards Supported (blog here)
1. Raspberry Pi 2
2. Minnowboard Max
3. Qualcomm 8016-Dragonboard
Industry devices also available:
Example: Advantech Gateways
https://msdn.microsoft.com/en-us/windows/hardware/dn913721
www.windowsondevices.com
Image Configuration Designer (ICD)
Same tools for all OS configurations
Image Configuration Designer
Industry Device
Mobile Device
IoT Core Device
Configure Device Update Behavior in ICD
Configure Maintenance Time other than default (Sun, 3am) to auto install updates and restart, suppress notification: Set AllowAutoUpdate=4, then specify ScheduledInstallDay/Time.
Turn updates off: Set AllowAutoUpdate=5
https://msdn.microsoft.com/en-us/library/windows/hardware/dn916113(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/dn756630(v=vs.85).aspx
https://msdn.microsoft.com/en-us/windows/hardware/dn913721
<BootUILanguage>en-us</BootUILanguage>
<BootLocale>en-us</BootLocale>
<BuildType>fre</BuildType>
<Resolutions>
  <Resolution>1024x768</Resolution>
</Resolutions>
<Feature>IOT_ALLJOYN_APP</Feature>
<Feature>IOT_CRT140</Feature>
<Feature>IOT_BERTHA</Feature>
C:\Program Files (x86)\Windows Kits\10\FMFiles\x86\MBMFM.xml contains this reference:
<PackageFile Path="$(mspackageroot)\Retail\$(cputype)\$(buildtype)" Name="Intel.MBM.UART.cab" >
  <FeatureIDs>
    <FeatureID>MBM_DRIVERS</FeatureID>
  </FeatureIDs>
</PackageFile>
Downloaded FFUs
WSUS
http://catalog.update.Microsoft.com
• Device is preconfigured with link to WSUS server, maintenance time, auto-update/suppress notification.
• Trigger to ping server is suppressed
WU/MU Server
= An update staging server
• WSUS gets Device ID
• Sends Authorization cookie and maintains it.
Query based on device identifier
Controlled Updates: On-premise update management
Query the catalog
IoT Core Device
Inventory sent
1. Country Code
2. MO (NA for IoT Core)
3. OEM
4. Device
5. Firmware Version
1. Manual search for OS updates by device, OEM and firmware.
2. IT Admin downloads updates for later use.
Can anyone afford an attack?
“Secure Boot” and enable remote attestation with “Measured Boot”
BitLocker – full device encryption and secure key storage
Authenticity with a strong, hardware-bound device identity using Trusted Platform Modules (TPMs)
http://ms-iot.github.io/content/en-US/Community.htm#contact