Microsoft teams up with chipmakers to create Secured-core PCs with unhackable firmware
Microsoft is partnering with PC manufacturers and chipmakers on a new initiative designed to make systems with firmware that cannot be hacked.
Called Secured-core PCs, the systems apply the security best practices of isolation and minimal trust to the firmware layer. This helps to protect systems from low-level interference by malicious code.
Firmware attacks have become increasingly prevalent, and they present serious problems because they are difficult to detect and because the removal methods required are disruptive. Microsoft says that the new Secured-core systems are aimed at companies and institutions that handle particularly sensitive data, such as banks, health providers and governments.
Microsoft explains:
Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them. Our investments in Windows Defender System Guard and Secured-core PC devices are designed to provide the rich ecosystem of Windows 10 devices with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer. These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.
The built-in measurements can be used by SecOps and IT admins to remotely monitor the health of their systems using System Guard runtime attestation and implement a zero-trust network rooted in hardware. This advanced firmware security works in concert with other Windows features to ensure that Secured-core PCs provide comprehensive protections against modern threats.
One of the requirements for Secured-core PCs is Trusted Platform Module 2.0 (TPM) to verify secure booting. Measures are also taken to monitor and restrict potentially dangerous firmware functionality accessible through System Management Mode (SMM).
Microsoft's own Surface Pro X is a Secured-core system, and others will be released by Dell, Dynabook, HP, Lenovo and Panasonic. More details are available on the Microsoft website.