Microsoft has partnered with Dell, Dynabook, HP, Lenovo, and Panasonic on a new class of so-called Secured-core PCs with locked-down firmware. Dell, in particular, seems to have been an inspiration for the initiative, which provides new protections at the deepest layer of compatible PCs.
“Dell PCs are hands down the most secure devices in the industry because Dell starts at the foundation, embedding security directly into the PC, below the OS,” Dell VP Brett Hansen says. “Our partnership with Microsoft will further help provide customers with integrated security right out-of-the-box, keeping our customers more secure so they can focus on running their businesses better.”
According to Microsoft, Secured-core PCs are designed specifically for industries like financial services, government, and healthcare, and for workers who handle highly sensitive intellectual property or customer or personal data, as well as any others who are “higher value targets for nation-state attackers.” They include additional layers of security for the PC firmware in an effort to thwart more recent and effective attacks that operate outside of a running operating system.
“Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system,” Microsoft’s David Weston explains. “Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them … Secured-core PC devices are designed to provide [PCs] with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer. These requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.”