Microsoft’s Secured-core PCs combat ugly firmware attacks

Eric Abent - Oct 21, 2019, 2:11 pm CDT
0
Microsoft’s Secured-core PCs combat ugly firmware attacks

System security is something that’s always evolving, and that’s especially true as malicious attacks become more sophisticated. In recent years, we’ve seen malware begin to target vulnerabilities in firmware, which is bad news since that can make malicious code harder to detect and remove. Microsoft today presented a solution to that problem, announcing that it’s partnered with manufacturers to develop Secured-core PCs.

In a post to its security blog today, Microsoft notes that attacks on firmware can be particularly devastating, as firmware is given a higher level of access than the hypervisor and OS kernel. Secured-core PCs are intended to prevent firmware-level attacks from happening in the first place rather than simply identifying them.

Microsoft says that Windows 10 Secured-core PCs will use System Guard Secure Launch to make sure that the boot process is safe. “System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path,” the company wrote today.

So, in brief, System Guard will first use firmware to boot up the CPU, which will then launch the computer into a trusted state. Once that’s done, the operating system’s hypervisor will take over to ensure the code that’s running in the OS kernel is legitimate. In doing this, Secured-core PCs provide less of an opportunity for firmware-layer attacks to execute malicious code during start up.

Microsoft also implements Trusted Platform Module 2.0 in Secured-core PCs, which allows system admins to make sure that devices are booting securely. Unsurprisingly, Secured-core PCs aren’t being targeted at normal consumers, but enterprise customers and individuals who need to make sure that their systems stay secure at all costs. Therefore, Secured-core PCs are being pitched to healthcare and financial service corporations, government, and individuals who work with sensitive data, whether that’s IP or data that’s been collected from consumers.

Of course, there isn’t anything stopping you from buying a Secured-core PC for personal use if you want that extra layer of protection, with Microsoft listing a collection of Secured-core devices from Dell, Lenovo, HP, Panasonic, and more on its website.


Must Read Bits & Bytes