Hi everyone,
I’m looking for feedback from people that have actually used Secured-Core PCs. So far, what I have found is Microsoft’s marketing and documentation about it and news articles saying it exists. What I haven’t found yet is feedback from ethical hacker types confirming this stuff is worth it. In particular, are there features that only exist in a Secured-Core PC?
Has anyone actually used one of these computers in a secured business/enterprise environment? If so, is it your preferred way to provide a secured Windows 10 computer? Why do you feel it is or isn’t?
Are the two Microsoft Surface devices that are Secured-Core compliant (Surface Pro X and Surface Laptop 4 AMD chip) the best implementations of this since Microsoft also open-sources their BIOS/UEFI firmware?
If someone’s needs are cross platform, so they can work on Macs, Linux, Chrome OS, etc… – are any of those better?
My off-the-cuff guesses on ways to go here would be:
* Microsoft manufactured Secured-Core PC
* Other Secured-Core PCs
* Get an enterprise-grade computer, like a Lenovo ThinkPad that has similar hardware to a Secured-Core PC, but fiddle with the firmware and Windows 10 settings to lock it down
* Get a Mac (is there evidence that the M1 processors are more securely designed than what Intel’s been doing the past few years, and is the security posture of the current version of macOS better than Linux or Windows?)
* Use Linux (assuming either on a ThinkPad or something designed specifically for Linux, like System76). Rarely used it; I’m not sure which distro would be appropriate for secure collaboration in a typical office/professional environment
* Maybe Chrome OS? Never used it, not sure if Alphabet/Google basically being an advertising company has caused them to misbehave on the engineering and architecture stuff required here
But, if you haven’t heard about it and want to learn more – here is Microsoft’s blog post describing what Secured-Core PCs are supposed to do:
innitrichie
Secured-core PCs provide protections that are useful against sophisticated attacks and can provide increased assurance when handling mission-critical data in some of the most data-sensitive industries, such as healthcare workers that handle medical records and other personally identifiable information (PII), commercial roles that handle high business impact and highly sensitive data, such as a financial controller with earnings data.
These security provisions are considered best-in-class, and are far more resilient than anything available on Apple’s hobbyist platforms.
I am delighted with the security benefits. I am very excited to see more Secured-core innovations in the years ahead. Trustworthy computing is what keeps me fully invested in Microsoft’s rich enterprise-grade ecosystems.