In an effort to protect users against firmware level threats, Microsoft has announced a new initiative the software giant has been working on with its partners to create Secured-core PCs (opens in new tab).
The company partnered with both chip and device makers to apply “security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system”.
Secured-core PCs will be available from a wide variety of device makers including Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft. While the full list of Secured-core PCs has not yet been released, two notable examples include HP's Elite Dragonfly and Microsoft's Surface Pro X (opens in new tab).
- Microsoft warns on Windows 7 Pro end of life
- Firmware security has barely improved over last decade
- Qualcomm patches major chip security flaw
As malicious code on the firmware layer can be hard to detect and even more difficult to remove, firmware has emerged as a top target for cybercriminals. According to the National Vulnerability Database (opens in new tab), the number of discovered firmware vulnerabilities are growing each year.
To be classified as a Secured-core PC, a device needs to be running Windows Defender's System Guard Secure Launch which is available on newer hardware from AMD, Intel and Qualcomm. System Guard uses firmware to start the hardware and then shortly after it reinitializes a system into a trusted state.
Secured-core PCs also required the Trusted Platform Module (TPM) 2.0 as it allows admins to measure the components used to verify that a device is booted securely. Windows also monitors and restricts the functionality of potentially dangerous firmware by using System Management Mode (SMM).
Microsoft's new initiative is not for everyone and is instead intended for industries such as financial services, government and healthcare. Secured-core PCs are also for those who handle highly sensitive intellectual property or personal data that is the target of state-sponsored hackers.
While experts have yet to test the added security of Secured-core PCs, these machines are designed to boot securely, protect users from firmware vulnerabilities and prevent unauthorized access to devices and the sensitive data and credentials they store.
- Secure your data on the go with the best secure drives of 2019
Via VentureBeat (opens in new tab)