Microsoft has announced that the next “major release” of Windows Server will require TPM 2.0 and Secure Boot installed and enabled by default.
“These requirements apply to servers where Windows Server will run, including bare metal, virtual machines (guests) running on Hyper-V or on third party hypervisors approved through the Server Virtualization Validation Program (SVVP),” writes Microsoft’s Windows Server Team.
“Looking ahead, Secure boot and TPM2.0 will serve as the core building blocks for Windows Server security and provide customers with strengthened baseline security for systems available from the ecosystem,” Microsoft’s post adds. “The enforcement of these requirements will be applied to new server platforms introduced to market after January 1, 2021.”
It's hard to argue against the change because Secure Boot is a more-than-useful way of ensuring that servers boot into known and trusted environments. TPM 2.0 has been all-but-standard since 2016 for PCs. Making it a requirement for the sensitive jobs Windows Server is asked to undertake ought not to be controversial.
There is, of course, some pain in this announcement because it will limit upgrade paths for some users.
But Microsoft appears to know this as its post says: “Existing server platforms will include Additional Qualification certification to help customers identify systems that meet these requirements, similar to the current Assurance AQ for Windows Server 2019 today.”
However, the post doesn’t offer any detail about whether the “major release” of Windows Server 2019 it mentions is the H2 update that users of the semi-annual channel expect in a few months, or something else. ®