Microsoft unveils its most secure laptop yet and it's powered by AMD Ryzen

Surface Laptop 4 with AMD Ryzen Mobile Processor
(Image credit: Microsoft)

Microsoft has announced that it's adding another business laptop to its lineup of Secured-core PCs with the unveiling of the all-new Surface Laptop 4 powered by AMD Ryzen Mobile Processors.

The software giant's Secured-core PC initiative first launched back in 2019 and so far Dell, Dynabook, Getac, HP, Lenovo, Fujitsu, Acer, Asus, Panasonic and Microsoft have created ultra-secure laptops designed to protect users against firmware-level threats.

At the heart of the new Surface Laptop 4 is the Trusted Platform Module 2.0 (TPM) and an AMD Ryzen Mobile Processor with System Guard to boot securely while minimizing the impact of firmware vulnerabilities. The device's TPM 2.0 chip does this by sandboxing firmware to protect critical subsystems and sensitive data.

On Secured-core PCs, Kernel Direct Memory Access Protection is also pre-enabled to help ensure that the system is protected against malicious and unintended Direct Memory Access (DMA) attacks such as Thunderspy. Meanwhile, the TPM 2.0 chip serves as the hardware root-of-trust for the Surface Laptop 4 and can protect sensitive assets like BitLocker keys while also making the device ready for Zero Trust security.

Firmware attacks

According to Microsoft's Security Signals report from March of this year, a vast majority of enterprise customers have experienced at least one firmware attack during the past two years. In a blog post, the Microsoft Security Team provided further insight as to why there has been an increase in firmware attacks recently, saying:

“Firmware, which lives below the operating system, is emerging as a primary target because it is where sensitive information like credentials and encryption keys are stored in memory. Many devices in the market today don’t offer visibility into that layer to ensure that attackers haven’t compromised a device prior to the boot process or at runtime below the kernel. And attackers have noticed.”

To address the growing number of firmware attacks, Microsoft has introduced its own Unified Extensible Firmware Interface (UEFI) to enable a secure and maintainable interface to manage firmware. Microsoft UEFI facilitates full transparency for its customers and was built using the open source project Project Mu.

The software giant also built its own tools for managing and updating UEFI including Surface Enterprise Management Mode (SEMM). This can be used as either a stand-alone tool or integrated with Microsoft Endpoint Configuration Manager to manage the UEFI settings on a user's Surface without having to hold Power button + Volume UP to boot straight into the UEFI.

While a release date has not yet been set for the new Surface Laptop 4 powered by AMD Ryzen Mobile Processors, the device joins the Surface Pro X as the second secured-core PC offering in the Surface portfolio.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.