Microsoft’s Secured-core PCs will defend against firmware level threats
The company partnered with both chip and device makers to apply “security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system”.
Secured-core PCs will be available from a wide variety of device makers including Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft. While the full list of Secured-core PCs has not yet been released, two notable examples include HP’s Elite Dragonfly and Microsoft’s Surface Pro X.
As malicious code on the firmware layer can be hard to detect and even more difficult to remove, firmware has emerged as a top target for cybercriminals. According to the National Vulnerability Database, the number of discovered firmware vulnerabilities is growing each year.
To be classified as a Secured-core PC, a device needs to be running Windows Defender’s System Guard Secure Launch, which is available on newer hardware from AMD, Intel and Qualcomm. System Guard lets the firmware start the hardware, then shortly afterwards reinitializes the system into a trusted state so that the boot no longer depends on trusting the firmware.
Secured-core PCs also require the Trusted Platform Module (TPM) 2.0, which records measurements of the boot components so that admins can verify that a device booted securely. Windows also monitors and restricts the functionality of potentially dangerous firmware by using System Management Mode (SMM) protections.
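An administrator wanting to check whether an existing Windows machine meets the two requirements described above (an active TPM 2.0 and System Guard Secure Launch running) can query the platform’s CIM classes. The script below is an added illustration, not Microsoft’s own tooling or anything from the article; it assumes it is run as Administrator on Windows 10 or 11, that the Win32_Tpm and Win32_DeviceGuard classes are available, and that the values 3 (System Guard Secure Launch) and 4 (SMM firmware measurement) in SecurityServicesRunning follow Microsoft’s documented mapping.

```powershell
# Added example (not from the article): report whether this Windows device
# meets the Secured-core prerequisites named in the text, TPM 2.0 and
# System Guard Secure Launch, and whether SMM firmware measurement is running.
# Assumptions: run elevated; the CIM classes below exist on this build; codes
# 3 and 4 in SecurityServicesRunning follow Microsoft's documented mapping.

$tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$dg  = Get-CimInstance -Namespace 'root/Microsoft/Windows/DeviceGuard' `
                       -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

# TPM check: present, enabled, activated, and reporting the 2.0 specification.
# SpecVersion is a comma-separated string such as "2.0, 0, 1.59".
$tpm20 = $false
if ($tpm) {
    $tpm20 = [bool]$tpm.IsEnabled_InitialValue -and
             [bool]$tpm.IsActivated_InitialValue -and
             ($tpm.SpecVersion -like '2.0*')
}

# Virtualization-based security services actually running right now.
$secureLaunch = $false
$smmMeasured  = $false
if ($dg) {
    $secureLaunch = @($dg.SecurityServicesRunning) -contains 3
    $smmMeasured  = @($dg.SecurityServicesRunning) -contains 4
}

[pscustomobject]@{
    Tpm20Ready           = $tpm20
    SecureLaunchRunning  = $secureLaunch
    SmmMeasurementActive = $smmMeasured
    MeetsCoreRequirement = ($tpm20 -and $secureLaunch)
} | Format-List
```

A result of MeetsCoreRequirement = False on otherwise capable hardware usually means Secure Launch is supported but not enabled in firmware or policy, so the next step is the device’s UEFI settings and the Windows Security app rather than a hardware replacement.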
Microsoft’s new initiative is not for everyone and is instead intended for industries such as financial services, government and healthcare. Secured-core PCs are also for those who handle highly sensitive intellectual property or personal data that is the target of state-sponsored hackers.
While experts have yet to test the added security of Secured-core PCs, these machines are designed to boot securely, protect users from firmware vulnerabilities and prevent unauthorized access to devices and the sensitive data and credentials…