Microsoft has partnered with Dell, Dynabook, HP, Lenovo, and Panasonic on a new class of so-called Secured-core PCs with locked-down firmware. Dell, in particular, seems to have been an inspiration for the initiative, which provides new protections at the deepest layer of compatible PCs.
“Dell PCs are hands down the most secure devices in the industry because Dell starts at the foundation, embedding security directly into the PC, below the OS,” Dell VP Brett Hansen says. “Our partnership with Microsoft will further help provide customers with integrated security right out-of-the-box, keeping our customers more secure so they can focus on running their businesses better.”
According to Microsoft, Secured-core PCs are designed specifically for industries like financial services, government, and healthcare, and for workers who handle highly sensitive intellectual property or customer or personal data, as well as any others who are “higher value targets for nation-state attackers.” They include additional layers of security for the PC firmware in an effort to thwart more recent and effective attacks that operate outside of a running operating system.
“Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system,” Microsoft’s David Weston explains. “Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them … Secured-core PC devices are designed to provide [PCs] with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer. These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.”
You can learn more about Secured-core PCs from the Microsoft website.
<blockquote><em><a href="#482734">In reply to codymesh:</a></em></blockquote><p>They just need to implement support for it in their beloved open-source world.</p>
<p>Microsoft says that malware delivered via firmware attack can be <em>"hard to detect and difficult to remove [and] it could persist even across common cleanup procedures like an OS re-install or a hard drive replacement".</em> Furthermore, firmware attacks can undermine security mechanisms like Secure Boot and other mitigations taken by the hypervisor or operating system, as was mentioned in the <a href="http://hillside-primary.co.uk/Microsoft-Secure-Mechanisms-Manual.pdf" target="_blank">Microsoft Secure Mechanisms Manual</a>. It means that we have to be more accurate with cleanup procedures to avoid malware injections.</p>