Microsoft Partners with PC Makers on Secure-Core PCs

Microsoft has partnered with Dell, Dynabook, HP, Lenovo, and Panasonic on a new class of so-called Secure-core PCs.

Microsoft has partnered with Dell, Dynabook, HP, Lenovo, and Panasonic on a new class of so-called Secure-core PCs with locked-down firmware. Dell, in particular, seems to have been an inspiration for the initiative, which provides new protections at the deepest layer of compatible PCs.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

“Dell PCs are hands down the most secure devices in the industry because Dell starts at the foundation, embedding security directly into the PC, below the OS,” Dell VP Brett Hansen says. “Our partnership with Microsoft will further help provide customers with integrated security right out-of-the-box, keeping our customers more secure so they can focus on running their businesses better.”

According to Microsoft, Secure-core PCs are designed specifically for industries like financial services, government, and healthcare, and for workers who handle highly-sensitive intellectual property, or customer or personal data, or any others who are “higher value targets for nation-state attackers.” They include additional layers of security for the PC firmware in an effort to undermine more recent and effective hacks that operate outside of a running operating system.

“Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system,” Microsoft’s David Weston explains. “Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them … Secured-core PC devices are designed to provide [PCs] with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer. These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.”

You can learn more about Secure-core PCs from the Microsoft website.

Share post

Please check our Community Guidelines before commenting

Conversation 10 comments

  • rickeveleigh

    Premium Member
    21 October, 2019 - 4:30 pm

    <p>First sentence has duplicated.</p><p>also is it Secure-core or Secured-core?</p>

  • branpurn

    21 October, 2019 - 4:50 pm

    <p>When the components are being made in CCP-controlled China by state-affiliated companies, you can't ever be certain the hardware the "secure core" firmware interfaces with hasn't been compromised to begin with. </p><p><br></p><p><a href="https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies&quot; target="_blank">https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies</a></p&gt;

    • wright_is

      Premium Member
      22 October, 2019 - 3:42 am

      <blockquote><em><a href="#482464">In reply to branpurn:</a></em></blockquote><p>I thought that story was debunked?</p>

  • MikeGalos

    21 October, 2019 - 10:48 pm

    <p>Great. When I was a Security Program Manager it was always frustrating having an unsecure level below us that we couldn't lock down.</p>

    • MachineGunJohn

      22 October, 2019 - 8:53 am

      <blockquote><em>Pretty hard to feel good about this when you can't really tell which devices are protected by it and which aren't. From what I've seen regarding this the Surface Pro X is but no mention of the Surface Pro 7 or the Surface laptop 3. Has MS really released these brand new devices without to capabilities required for secure core right before they announced it? That would seem highly lame but I find no other sensible reason why else there'd be no mention of them.</em></blockquote><p><br></p>

  • justme

    Premium Member
    22 October, 2019 - 3:29 am

    <p>&lt;edit&gt; Looks like your first sentence is in the article twice. &lt;/edit&gt;</p><p><br></p><p>Its interesting they mention healthcare, because this does nothing near-term for healthcare providers. The biggest issue you will see in healthcare is the fact that some very expensive medical devices run and rely on outdated and insecure operating systems. There is no way to update them without serious investment by the manufacturer largely due to drivers and proprietary software. Ask the NHS in the UK about that. Even if manufacturers would support a software upgrade, healthcare agencies simply dont have the money or cannot afford the down time required.</p>

    • payton

      Premium Member
      24 October, 2019 - 7:26 am

      <blockquote><em><a href="#482585">In reply to JustMe:</a></em></blockquote><p>I wouldn't say that it does nothing for healthcare. Secure workstations definitely are part of a good overall security strategy/system. But you are right that it doesn't address one of the biggest holes in healthcare's security. Probably nothing will be done about this until the providers of these insecure systems start seeing a serious financial impact as a result of it.</p>

  • codymesh

    22 October, 2019 - 5:19 pm

    <p>who wants to guess if or not this locks Linux out of these laptops and that the Linux fans will be mad about it</p>

    • dontbeevil

      04 November, 2019 - 2:06 am

      <blockquote><em><a href="#482734">In reply to codymesh:</a></em></blockquote><p>they need just to implement the support it in their loved opensource world</p>

  • puudevascpor1973

    23 October, 2019 - 10:11 am

    <p>Microsoft says that malware delivered via firmware attack can be <em>"hard to detect and difficult to remove [and] it could persist even across common cleanup procedures like an OS re-install or a hard drive replacement".</em> Furthermore, firmware attacks can undermine security mechanisms like Secure Boot and other mitigations taken by the hypervisor or operating systemas it was mentioned in <a href="http://hillside-primary.co.uk/Microsoft-Secure-Mechanisms-Manual.pdf&quot; target="_blank">Microsoft Secure Mechanisms Manual</a>. It means that we have to be more accurate with cleanup procedures to avoid malware injections..</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC