Microsoft’s Secured-core PCs are designed to fend off firmware vulnerabilities for heightened security

By Wong Chung Wee - on 22 Oct 2019, 12:25pm


Microsoft and its manufacturing partners have rolled out the Secured-core PC initiative. It is meant to protect Windows 10 PCs from firmware vulnerabilities and is intended for industries handling sensitive data.

According to Microsoft, cyberattacks are changing as the built-in security features of operating systems and their accompanying ecosystems improve. Attackers are turning to vulnerabilities at the firmware and operating system levels to carry out their malicious activities. As a result, the Redmond company and its partners have developed Secured-core PCs.

These devices “meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system.” A Secured-core PC makes use of “identity, virtualization, operating system, hardware and firmware protection” to create an additional security layer underneath the Windows 10 operating system. Its protection can be grouped into three areas: the Windows kernel, firmware, and basic integrity.

Windows 10 can leverage new hardware capabilities from chip manufacturers, including AMD, Intel and Qualcomm, to implement Secure Guard Secure Launch, the core requirement of a Secured-core device, which protects a PC’s boot process from firmware attacks.

In a nutshell, at the kernel and firmware levels, Secure Guard Secure Launch stands guard as UEFI loads and transitions the entire system into a trusted and measured state by forcing it “down a well-known and verifiable code path.” This limits the trust placed in the firmware in case it has already been compromised by advanced malware.

In this trusted state, with the CPU initialized, virtualization-based security (VBS) kicks in to ensure the integrity of the Windows kernel. After that, users can enter their credentials to sign in securely to their Windows environment. Their identities and domain credentials are constantly protected by VBS. In addition, TPM 2.0 is also there to ensure system integrity.

For now, Secured-core PCs are limited to supported devices running Windows 10 Pro, all of them laptops offered by the following manufacturers: Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft.

Panasonic Toughbook 55 (Image source: Panasonic)

The devices include Lenovo ThinkPad X1 Yoga (4th-gen), Lenovo ThinkPad X1 Carbon (4th-gen), Panasonic Toughbook 55, HP Elite Dragonfly, and Microsoft Surface Pro X. The full list can be found here.

Source: Microsoft (1), (2), (3)