Microsoft's 'secured-core PC initiative' aims to protect Windows 10 machines from firmware...

[Polycount]

Microsoft plans to put more of an emphasis on the security of its Windows users moving forward, via the newly-announced "Secured-core PC" initiative. The initiative aims to offer Windows customers a better form of protection against "targeted firmware" attacks.

These attacks, according to Microsoft, are becoming more common in recent years. This is largely due to the ever-improving security features built into operating systems and their "connected services." Better security means more challenges for hackers to overcome, and reduced incentive for them to attempt to break into a system using software vulnerabilities; thus leading them to focus on firmware instead.

To address the growing threat that firmware-based attacks present, Microsoft has partnered up with various PC manufacturing and silicon partners to produce the secured-core PC defense. This defense's primary component is "System Guard Secure Launch," a device requirement that protects a PC's boot process from firmware attacks.

Microsoft's full explanation of how this concept works is quite technical in nature, but here's a summary, in the company's own words:

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path.

Put simply, Secure Launch acts as a sort of gatekeeper between system start-up (or, more specifically, BIOS/UEFI initialization) and actual Windows 10 operation. Using the power of newer CPUs, Secure Launch can ensure everything is running as planned, and no malicious code is attempting to latch itself onto your system before log-in.

As nice as Secure Launch and the secured-core PC initiative as a whole sounds for those who take system security seriously, it doesn't seem like it'll be easily accessible to everyone. From what we can tell (we'll reach out to Microsoft for clarification on this point), only select PCs will be part of this initiative, at least for now.

On the official secured-core PC web page, Microsoft lists three supported laptops: the Lenovo ThinkPad X1 Yoga (4th-gen), the ThinkPad X1 Carbon (7th-gen), and the Panasonic Toughbook 55. It's unclear whether or not Secure Launch will make its way to custom or pre-built desktops PCs in the future. It's not likely, though -- Microsoft says secured-core PCs require "specific configuration[s]" to function.

Permalink to story.

https://www.techspot.com/news/82434-microsoft-ecured-core-pc-initiative-aims-protect-windows.html

[/s]

 

[khizar07]

Are you trying to Sell a different Technology with a different Name.
What you're talking about can be done. Segments of memory are loaded into the cpu cache.
These segments can be hashed to ensure they're not changed. However, this will slow things down.
You wont get 40 Hour Laptops.

 

[Jules Mark II]

Not to worry, this has no effect on gen 6 or lower Intel processors.
It needs a mobo micro code update in order to be secure, which most of the time mobo manufacturers will claim your mobo is already EOL and no longer on their support list.

 

[Bullwinkle M]

"System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path."
-------------------------------------------------------------------------------------------------------------
But.......

Spyware Platform 10 is "NOT" a verifiable code path!

It is well known to be malware of course, but we cannot even verify that Microsoft owns the source code

If you would like to prove me wrong, then by all means, SHOW ME THE SOURCE CODE!

If security is really the issue, then we cannot be locked into a system of Microsoft's design

A backdoored Spyware Platform based on Gigabyte after Gigabyte of malware does not make a system secure for the end user

It only makes it secure for the scumbags who created such a scam

 

[quadibloc]

My first reaction to this news was: will it make it harder to install Linux? But Microsoft addressed that issue for its previous technology of this type, and no doubt they will do so this time as well.

 

[netman]

Sounds like another NSA chip to monitor your PC....!

 

[cliffordcooley]

These attacks, according to Microsoft, are becoming more common in recent years. This is largely due to the ever-improving security features built into operating systems and their "connected services."​

Is it me or does that seem contradictory? If security is getting worse, then the features are getting worse not ever-improving.

P.S. Thanks @jobeard for fighting for indents/outdents

 

[jpuroila]

Isn't this what UEFI was supposed to accomplish? Sounds like another excuse to lock down and restrict the user's ability to control a system they own.

 

[Bullwinkle M]

Isn't this what UEFI was supposed to accomplish? Sounds like another excuse to lock down and restrict the user's ability to control a system they own.

This was not exactly what UEFI was supposed to accomplish....

The propaganda was to make you think this was the purpose

The reality was more likely to prevent Volume licenced copies of XP from running on new computers

XP-SP1 had VL versions floating around that did not need activation or have any genuine advantage malware

Hard drives quickly followed suit and almost immediatly stopped manufacturing XP compatible hard drives, switching to 4K "new tech" drives while XP was still the most popular Operating System on the Planet

Volume Licensed copies of SP1 could easily be slipstreamed with SP2 without adding the Genuine Monopoly malware but SP3 was designed to throw a wrech into this practice

There was no valid reason (other than monopolistic greed) to stop making compatible drives or prevent XP installations when it was (at the time) having the highest percentage of installs ever in the history of computing

But yes, the public propaganda campaign was to promote the "security" benefits of UEFI when it was really only a benefit to Microsoft

I still use XP-SP2 without ANY Microsoft security updates ONLINE!
I run it as an Admin account and malware has failed to wreck this box for more than 5 years now

BIOS is password protected and Dual BIOS with one Read Only copy prevents malware from overwriting the factory BIOS

UEFI is simply not needed, and neither is this new scam

My XP boot drive is Read Only!

It is easily write protected with Driveshield
This and other tweaks prevent ALL forms of extortionware

It has not had a bluescreen of death for years and is still malware free