Secured-core PC Initiative May Reduce Firmware Attacks

• Secured-core PCs could resist attacks on device firmware, which are increasing.
• The initiative may help organizations protect sensitive data, such as medical records.
• Implementation will require advanced chipsets and Windows Defender System Guard.

Secured-core PC is a Microsoft initiative in conjunction with processor manufacturers and device OEMs to reduce attacks that target device firmware. It uses improvements to hardware and software to ensure only valid, trusted firmware runs on a device and that the firmware remains tamper resistant. However, organizations may want to assess the risks and the costs before deciding on broad deployment of devices implementing Secured-core capabilities.

Securing Firmware

Firmware is a specific class of software held in a device’s nonvolatile memory that is used to initialize the device. Code stored in firmware typically executes before, and with a higher level of access and privilege than, a hypervisor and the OS kernel.

Although previously rare, attacks on firmware are growing. In Windows 8, Microsoft introduced Secure Boot as a first step in protecting firmware by reducing the risk of a compromised bootloader (the software that loads the OS for execution) or the insertion of rootkits that load (and often hide) untrusted or unreliable code on a system. Secure Boot relies on the Unified Extensible Firmware Interface (UEFI) and a Trusted Platform Module (TPM) to validate that code is only loaded from a trusted source and has not been altered.