PC security has always been paramount for Microsoft, and the company continues to work with partners to cover all the bases. A new initiative called Secured Core is the latest chapter in this grand adventure.
Of course, Microsoft has focused on these areas before. It launched a new solution with Windows 8 to remove any risks of malicious bootloaders and rootkits based on the Unified Extensible Firmware Interface (UEFI) firmware.
But while the Secure Boot system was designed to prevent specific attacks, it did not prevent the threats that came from vulnerabilities in the trusted firmware.
The big idea behind Secured Core is to allow the system to boot securely by protecting the device from vulnerabilities in the firmware. We have had a number of high-profile security vulnerabilities in recent times, including the notorious Meltdown and Spectre.
This new technology aims to make them history. It will also help shield the operating system in case of an attack and prevent unauthorized access to data.
Microsoft details it best:
“Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them.
Our investments in Windows Defender System Guard and Secured-core PC devices are designed to provide the rich ecosystem of Windows 10 devices with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer.”
Basically, the company is removing hardware trust from firmware with this new system, or at least limiting it as much as possible.
Processors will soon be built with Dynamic Root of Trust for Measurement (DRTM) capabilities baked in. The idea is to allow the system to boot with firmware but then reinitialize into a trusted and secure state. This will be done with the help of Microsoft’s boot loader.
This, Microsoft hopes, will send the system down a known and verifiable code path.
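A simplified model of the measurement idea described above, added here as an illustration and not taken from Microsoft's implementation: it contrasts a static measurement chain, which folds the firmware into the result, with a dynamic launch that resets a separate register and measures only the launch code. The function names, the single-register model and the sample byte strings are assumptions made for the example.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 register


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new value = H(old value || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def static_chain(firmware: bytes, bootloader: bytes) -> bytes:
    """Static root of trust: everything from power-on, firmware included,
    is folded into the register, so the result depends on the firmware."""
    pcr = bytes(PCR_SIZE)
    for stage in (firmware, bootloader):
        pcr = extend(pcr, stage)
    return pcr


def dynamic_launch(firmware: bytes, bootloader: bytes, launch_code: bytes) -> bytes:
    """Dynamic root of trust: firmware and boot loader have already run, but
    the launch event resets a separate register and measures only the code
    about to be entered, so earlier stages do not feed this value."""
    _ = static_chain(firmware, bootloader)  # still happens, just not relied on
    drtm_pcr = bytes(PCR_SIZE)              # reset by hardware at launch (modelled)
    return extend(drtm_pcr, launch_code)


def verify(reported: bytes, expected: bytes) -> bool:
    """Verifier side: constant-time comparison against the known-good value."""
    return hmac.compare_digest(reported, expected)


# Constructed sample components (placeholders, not real images).
GOOD_FW, BAD_FW = b"firmware v1", b"firmware v1 + implant"
LOADER, LAUNCH = b"boot loader", b"secure launch code"
EXPECTED_DRTM = dynamic_launch(GOOD_FW, LOADER, LAUNCH)

if __name__ == "__main__":
    print("static differs :", static_chain(GOOD_FW, LOADER) != static_chain(BAD_FW, LOADER))
    print("dynamic matches:", verify(dynamic_launch(BAD_FW, LOADER, LAUNCH), EXPECTED_DRTM))
    print("tampered launch:", verify(dynamic_launch(BAD_FW, LOADER, b"patched"), EXPECTED_DRTM))
```

In this model a firmware change alters the static value but leaves the dynamic-launch value unchanged, while any change to the launch code itself fails verification.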
As for when exactly these Secured Core PCs will make their way to the market, it is expected that the upcoming Surface Pro X will be one of the first devices to feature this new security implementation. This Qualcomm-powered machine is on track for availability next month.