
  • Posts: 9
  • Registered: ‎09-27-2018
  • Location: United States of America
  • Views: 131
  • Message 11 of 18

Re: recommendations for preventing UEFI rootkit attack now found in wild

2018-10-11, 17:48 PM

Thanks, Aryeh.  I realize devices are safe from LoJax if they have secure boot enabled in Windows Defender Security Center, but I still think it's odd that at least my device - Yoga 920 - doesn't meet the Microsoft security standard for hardware, according to Windows Defender Security:

 

Windows Defender Device Security Center - Lenovo Yoga 920 does not meet standard security


  • Posts: 4083
  • Registered: ‎12-02-2007
  • Location: United States of America
  • Views: 194978
  • Message 12 of 18

Re: recommendations for preventing UEFI rootkit attack now found in wild

2018-10-12, 8:15 AM

Hello,

 

I would suggest checking with Lenovo directly to see if they can shed any light on the subject.

 

Regards,

 

Aryeh Goretsky

 



I am a volunteer and neither a Lenovo nor a Microsoft employee.

L380 Yoga, P72 (20MB-*), P50 (20EN-*), S230u (3347-4HU), T23 (2648-LU7), T42 (2378-R4U), T43p (2678-H7U), T61p (6459-CTO), W510 (4318-CTO), W530 (2441-4R3), W530 (2441-4R3), X100e (3508-CTO), X120e (0596-CTO), X220 (4286-CTO), X250 (20CM-*), Yoga 370


  • Posts: 13
  • Registered: ‎12-02-2017
  • Location: United States of America
  • Views: 169
  • Message 13 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2020-07-08, 20:58 PM

Sorry to bother you with this old subject, but it came to my attention today and I was hoping to get my Yoga 920 in agreement with Microsoft about my security.  Thank you for pursuing an answer in 2018 and supplying informative updates. It looks like you were able to get a decent answer on the Lojax concern, but not to your main question. I don't even know if Lojax is still a concern, so I am focused on the bigger-picture question of how do I get my cpu to meet Microsoft's criteria to be in the Your Device Meets Security Requirements Club for Cool Kids? If I could just learn enough for Microsoft to accept me in the Club for Cool Kids, I will get a CCK tattoo and I would also strive for both the "Exceeds" and "Enhanced" certifications so that Microsoft realizes I am cool enough and I'll add those to my tattoo, too. (j/k)

 

Like you, I am not a fan of answers that say "don't worry about it, it'll never happen to you" -- unless they come with a very convincing explanation that gets over the fact that we live in a world where everyone has financial info on their devices, the most competent tech and security companies can't keep their own data safe from hackers and Microsoft finds the security requirements important enough to include them with every copy of Win 10 OS in prominent locations, including push notification reminders - even in Home versions of the software. Hopefully someone has figured out this potential security shortcoming and will help us out here.

 

Thanks


  • Posts: 4083
  • Registered: ‎12-02-2007
  • Location: United States of America
  • Views: 194978
  • Message 14 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2020-07-09, 9:00 AM

Hello,

 

I'm sorry, but I don't understand your question, @EskMod .  What exactly is it you would like to know about the security of your Yoga 920?

 

Regards,

 

Aryeh Goretsky

 




  • Posts: 13
  • Registered: ‎12-02-2017
  • Location: United States of America
  • Views: 169
  • Message 15 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2020-07-09, 18:04 PM

Sorry for not being clear.

 

I have the exact same question as OP in his OP. Why does my Yoga 920 not meet Microsoft's hardware security requirement?  (You can ignore all of OP's references to LoJax as that is not my concern.) Because of this "problem," I get push notifications that my security is lacking and when I try to resolve the problem, Microsoft tells me that my Yoga 920 is not in compliance with MS hardware standards. Like OP, my BIOS is configured for secure start-up. It appears from your last response to OP that you didn't know the answer in 2018 and referred OP to Lenovo for the answer. My Lenovo support has expired, so that isn't an option for me and I was wondering if this issue had been solved by anyone in the past 2 years?

 

This is what Microsoft has to say about the 4 various grades of hardware for Microsoft's security purposes as well as the error message that I am receiving:

 

Hardware security capability

 

At the bottom of the Device security screen, one of the following messages appears, indicating the security capability of your device.

 

"Your device meets the requirements for Standard hardware security"

 

This means your device supports memory integrity and core isolation and also has:

  • TPM 2.0 (also referred to as your security processor)
  • Secure boot enabled
  • DEP
  • UEFI MAT

 

 

"Your device meets the requirements for Enhanced hardware security" 

 

This means that in addition to meeting all the requirements of standard hardware security, your device also has memory integrity turned on.

 

 

"Your device Exceeds the requirements for Enhanced hardware security"

 

This means that in addition to meeting all the requirements of enhanced hardware security, your device also has System Management Mode (SMM) protection turned on.

 

 

"Standard hardware security not supported"

(**This is how the Yoga 920 is classified**)

 

This means that your device does not meet at least one of the requirements of standard hardware security.

 

 

Improving hardware security

If the security capability of your device isn't what you'd like it to be, you might need to turn on certain hardware features (such as secure boot, if supported) or change the settings in your system's BIOS. Contact your hardware manufacturer to see what features are supported by your hardware and how to activate them.

 

 

https://support.microsoft.com/en-us/help/4096339/windows-10-device-protection-in-windows-defender-security-center#hardwarescore

 

 

I am curious which "standard hardware requirements" are missing from Yoga 920 and whether it can be fixed?

 

Thank you for looking this over. 😀 🙏


  • Posts: 4083
  • Registered: ‎12-02-2007
  • Location: United States of America
  • Views: 194978
  • Message 16 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2020-07-12, 11:53 AM

Hello,

 

Have you tried enabling the TPM chip, enabling Secure Boot and then performing a clean installation of Windows 10, and then enabling DEP (instructions in post #7 of this thread)?

 

I am not sure how to determine if a particular device supports the Memory Address Table of UEFI, though.  You could try asking at UEFI.ORG.

 

Regards,

 

Aryeh Goretsky

 



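As an added example (not code from any poster in this thread, nor from Lenovo or Microsoft), the PowerShell below reports which of the quoted "Standard hardware security" items a Windows 10 machine is missing, plus whether memory integrity is on. The function names and sample values are hypothetical, and treating Device Guard's "NX protections available" value (5) as the UEFI MAT indicator is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: evaluate the four "standard hardware security" items from this thread.

function Get-HardwareSecurityFacts {
    # Win32_Tpm.SpecVersion begins with the TPM family, e.g. "2.0, 0, 1.38"
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    # Confirm-SecureBootUEFI throws on legacy BIOS or unsupported platforms
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    [pscustomobject]@{
        TpmSpecVersion  = if ($tpm) { $tpm.SpecVersion } else { $null }
        TpmEnabled      = [bool]($tpm -and $tpm.IsEnabled_InitialValue)
        SecureBoot      = $secureBoot
        DepAvailable    = [bool]$os.DataExecutionPrevention_Available
        DepPolicy       = $os.DataExecutionPrevention_SupportPolicy  # 0 = always off
        VbsProperties   = @($dg.AvailableSecurityProperties)  # 5 = NX protections
        ServicesRunning = @($dg.SecurityServicesRunning)      # 2 = HVCI (memory integrity)
    }
}

function Test-HardwareSecurityRequirement {
    param([Parameter(Mandatory)] $Facts)
    $checks = [ordered]@{
        'TPM 2.0'             = ($Facts.TpmEnabled -and "$($Facts.TpmSpecVersion)" -like '2.0*')
        'Secure boot enabled' = $Facts.SecureBoot
        'DEP'                 = ($Facts.DepAvailable -and $Facts.DepPolicy -ne 0)
        # Assumption: value 5 ("NX protections") stands in for UEFI MAT support
        'UEFI MAT'            = ($Facts.VbsProperties -contains 5)
        'Memory integrity on' = ($Facts.ServicesRunning -contains 2)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Requirement = $name; Met = [bool]$checks[$name] }
    }
}

# Constructed sample (not measured on a Yoga 920): everything present except NX/MAT
$sample = [pscustomobject]@{
    TpmSpecVersion = '2.0, 0, 1.38'; TpmEnabled = $true; SecureBoot = $true
    DepAvailable = $true; DepPolicy = 2; VbsProperties = @(1, 2, 3); ServicesRunning = @()
}
Test-HardwareSecurityRequirement -Facts $sample | Format-Table -AutoSize

# Live machine
Test-HardwareSecurityRequirement -Facts (Get-HardwareSecurityFacts) | Format-Table -AutoSize
```

A row with `Met` set to `False` names the item to raise with the hardware manufacturer or to look for in the firmware setup menus.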


  • Posts: 1
  • Registered: ‎04-28-2021
  • Location: United States of America
  • Views: 10
  • Message 17 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2021-04-28, 6:53 AM

@ mohairrug wrote:

The first UEFI rootkit has been spotted in the wild, called LoJax (**bleep**ized/trojanized version of Absolute Software's LoJack) and it's apparently very nasty if it compromises your computer - the malware can survive Windows reinstallation, and replacement of the motherboard is the only way to make sure it's gone.  Read more from security vendor ESET here:

 

https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf

 

So, this alarming news led me to look at my protection against LoJax.  In Windows/Defender Device Security Center, I see that my Yoga does not meet standard hardware security requirements set by Microsoft.  I'm curious if other Lenovo devices (ThinkPads, etc.) show the same result under the Defender Device Security Center.  There are four requirements (well, actually six) to meet standard omegle according to MS:

Your device meets the requirements for standard hardware security

This means your device supports memory integrity and core isolation and also has:

  • TPM 2.0 (also referred to as your security processor)
  • Secure boot enabled
  • DEP
  • UEFI MAT

 

Without me configuring anything manually, my device had Secure Boot enabled and it nirvam has a TPM 2.0 chip also enabled by default.  My question and reason for the post -  which of the other two security hardware requirements (DEP or UEFI MAT) does this computer not meet?  There's no indication in Windows Defender Device Security Center.

 

Posting to a MS forum about these questions, a tech referred to more documentation for OEM's regarding security requirements and said 'it's the responsibility of the OEM manufacturer to make sure they're meeting these minimum requirements'.

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-security-considerations

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-highly-secure

 

Lenovo - the question remains.  How do I make my Yoga 920 'secure', per Microsoft's recommendations?

As of today, I have no way to know for certain if my device is vulnerable to LoJax and even if the hacker groups responsible for LoJax FancyBear/Strontium etc. aren't targeting me specifically I would think this is a major concern for anyone running Lenovo devices for personal or business use.

Invigorate - if Secure Boot is engaged in Windows Defender Device Security Center (as per usual it gives that it is), by then you are guaranteed against unsigned code execution before UEFI startup. As such, guaranteed against LoJax. At any rate that is the method by which I interpret ESET's proposition for keeping this UEFI rootkit.


  • Posts: 4083
  • Registered: ‎12-02-2007
  • Location: United States of America
  • Views: 194978
  • Message 18 of 18

Re:Lenovo Yoga 920 does not meet Microsoft's standard hardware security requirements

2021-04-28, 8:12 AM

Hello,

 

I would suggest ensuring that your machine has the latest UEFI (BIOS) firmware installed, and then re-running the check with security software that detects the vulnerable version of LoJack as well as the LoJax rootkit to verify your machine is neither vulnerable to the rootkit nor affected by it.

 

Regards,

 

Aryeh Goretsky

 


