Firmware is the code that determines how your hardware and software work together, so it is essential to any device. Most of the time, the firmware is written by the hardware manufacturer, not by the operating system developer.
Firmware can have vulnerabilities
As a result, some firmware ships with flaws or vulnerabilities, and attackers are turning their attention to firmware more and more each day. Microsoft’s new partnership with PC manufacturers now offers a solution to this situation. The new design, called Secured-core PCs, targets financial services, government, healthcare, and any organization handling highly sensitive data.
New devices created in partnership with Microsoft will lower the risk of attacks on the firmware layer underpinning the Windows operating system. Unlike software-only security measures, Secured-core PCs add a new layer of security by combining identity, virtualization, operating system, hardware, and firmware protection.
Windows 10 implements security components
The new requirements allow customers to boot a device securely and protect it against possible firmware vulnerabilities. SecOps teams and IT admins can remotely verify the health of a system using the built-in measurements produced by System Guard. Using new hardware capabilities from AMD, Intel and Qualcomm, Windows 10 implements System Guard Secure Launch as part of the Secured-core PC design to protect the device during boot from firmware attacks.
With the Dynamic Root of Trust for Measurement (DRTM) capabilities built into AMD, Intel and Qualcomm processors, the CPU can launch the operating system along the safe and reliable path defined by the framework. Another Secured-core PC requirement set by Microsoft is a Trusted Platform Module (TPM) 2.0.
With a TPM, customers can enable zero trust networks through System Guard’s runtime attestation. It allows conditional access policies to be implemented based on the reports System Guard produces. Additionally, further safeguards can operate while the OS is running to monitor, and restrict, potentially weak firmware functionality.
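Before a device is admitted under an attestation-based conditional access policy, an admin will want to confirm locally that the building blocks named above (Secure Boot, TPM 2.0, VBS, DRTM-based Secure Launch, SMM firmware measurement) are actually active. The following PowerShell is an added example, not code from the article or from Microsoft's own tooling; it assumes the documented `Win32_DeviceGuard` and `Win32_Tpm` WMI classes and the value codes Microsoft publishes for their properties.

```powershell
# Added example: summarize the Secured-core components on a Windows 10 machine.
# Assumes the documented Win32_DeviceGuard / Win32_Tpm WMI classes. Value codes
# follow Microsoft's Device Guard readiness docs: SecurityServicesRunning
# 3 = System Guard Secure Launch, 4 = SMM Firmware Measurement;
# AvailableSecurityProperties 3 = DMA protection; VBS status 2 = running.
# Run from an elevated PowerShell prompt.

function Get-SecuredCoreStatus {
    [CmdletBinding()]
    param()

    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                           -ClassName 'Win32_DeviceGuard'
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm'

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not enabled".
    try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }

    $running = @($dg.SecurityServicesRunning)

    [PSCustomObject]@{
        SecureBootEnabled      = [bool]$secureBoot
        TpmSpecVersion         = $tpm.SpecVersion                 # e.g. "2.0, 0, 1.38"
        Tpm2Present            = ($tpm.SpecVersion -like '2.0*')
        VbsRunning             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        SecureLaunchRunning    = ($running -contains 3)           # DRTM-based Secure Launch
        SmmMeasurementRunning  = ($running -contains 4)           # firmware (SMM) measured
        DmaProtectionAvailable = (@($dg.AvailableSecurityProperties) -contains 3)
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# List the components an admin must still enable before trusting this device's attestation.
$gaps = $status.PSObject.Properties |
    Where-Object { $_.Value -is [bool] -and -not $_.Value } |
    ForEach-Object { $_.Name }
if ($gaps) { Write-Warning ("Missing Secured-core components: " + ($gaps -join ', ')) }
else       { Write-Host 'All checked Secured-core components are active.' }
```

The local report is a sanity check only; the remote attestation report from System Guard remains the authoritative input for a conditional access decision.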