Microsoft has today announced an initiative the company has been working on in partnership with PC manufacturers and silicon makers. The new initiative will bring out ‘Secured Core’ PCs, which will be protected against firmware attacks.
According to Microsoft’s blog post, firmware-based attacks have increased manifold in the last couple of years, with more hackers looking at firmware-based exploits as a way to attack systems. Secured-core PCs will effectively combat these threats, and Microsoft says that these PCs “meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system.”
Microsoft’s definition of a secured core PC says that “Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them.”
Secured-core PCs use hardware capabilities from AMD, Intel, and Qualcomm to implement a new System Guard Secure Launch, which protects the boot process from firmware attacks. In its explanation of System Guard, Microsoft says, “System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path.”
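The measurement idea behind the DRTM description above can be shown with a simplified model, added here as an illustration and not taken from Microsoft's code. The extend operation follows the standard TPM hash-chaining scheme; the function names, the all-zero reset value and the firmware and boot loader byte strings are assumptions constructed for this example.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # model assumption: a freshly reset PCR is all zeros

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def boot(firmware_stages, boot_loader):
    """Return (static_pcr, dynamic_pcr) for one simulated boot.

    static_pcr : chain started at power-on; covers every firmware stage.
    dynamic_pcr: reset by the processor at dynamic launch, so it covers
                 only the boot loader measured at that point.
    """
    static_pcr = PCR_RESET
    for stage in firmware_stages:  # firmware starts the hardware
        static_pcr = extend(static_pcr, stage)
    static_pcr = extend(static_pcr, boot_loader)
    # Re-initialisation: measurement restarts, firmware is not included.
    dynamic_pcr = extend(PCR_RESET, boot_loader)
    return static_pcr, dynamic_pcr

def attest(reported_pcr: bytes, known_good_loader: bytes) -> bool:
    """Verifier side: compare with the value expected for a known loader."""
    expected = extend(PCR_RESET, known_good_loader)
    return hmac.compare_digest(reported_pcr, expected)

# Constructed sample inputs (not real firmware images).
FW_VENDOR_A = [b"uefi-core v1", b"option-rom nic", b"smm handler"]
FW_VENDOR_B = [b"uefi-core v2", b"option-rom gpu"]
FW_MODIFIED = FW_VENDOR_A + [b"unexpected dxe driver"]
LOADER = b"os boot loader build 1"
LOADER_TAMPERED = b"os boot loader build 1 + patch"

if __name__ == "__main__":
    cases = [("vendor A", FW_VENDOR_A, LOADER),
             ("vendor B", FW_VENDOR_B, LOADER),
             ("modified firmware", FW_MODIFIED, LOADER),
             ("tampered loader", FW_VENDOR_A, LOADER_TAMPERED)]
    for name, firmware, loader in cases:
        static_pcr, dynamic_pcr = boot(firmware, loader)
        print(f"{name:18} static={static_pcr.hex()[:12]} "
              f"dynamic={dynamic_pcr.hex()[:12]} ok={attest(dynamic_pcr, LOADER)}")
```

In this model the static value differs for every firmware variant, while the dynamic value depends only on the launched boot loader, which is why a verifier can check it against a single well-known expected value.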
Secured-core PCs are aimed at industries that require a high level of security for their IT systems and networks, and at end users who handle critical data, such as in branches of government, finance, healthcare, and more.