Latest in Gear

Image credit: Engadget

Microsoft has a new way to keep your computer's firmware from being hacked

The company is partnering with chipmakers on a new initiative called Secured-core PC.
276 Shares
Share
Tweet
Share
Save

Sponsored Links

Engadget

In the constant cat and mouse game that is PC security, hackers have increasingly turned to firmware exploits to carry out their attacks. There are a couple of reasons for the uptick. One obvious one is that firmware, as the code that defines the relationship between hardware and software, is vitally important to any computer. Another major issue is that firmware is often written by hardware manufacturers instead of operating system developers like Microsoft. This means there are countless different varieties of firmware, each with their own particular set of quirks and vulnerabilities.

Now Microsoft thinks it has a solution to the problem. As part of a new partnership with PC manufacturers, the company is launching an initiative called Secured-core PC. With Secured-core PC, Microsoft is rethinking Windows's relationship with firmware and how it handles booting up a device.

Under this new system, a processor's firmware will power up the system as always, but then limit how much the processor trusts its own firmware to define the code path it takes to launch the system. The processor will instead call on Microsoft's bootloader for those instructions. The ultimate goal of the framework is to create a safe and reliable path the processor can take each and every time it boots your computer. One major advantage of this system is that it puts the emphasis on preventing attacks, instead of merely detecting them.

Since Windows 8, Windows has included a feature called Secure Boot that checks the authenticity of a bootloader to ensure it's safe to use. The issue with Secure Boot and the reason Microsoft is moving to this new system is that it depends on trusting firmware to check each piece of boot software. Because it operates on the assumption your firmware is safe, Secure Boot can't protect your system when the firmware is attacked.

To implement Secured-core PC, Microsoft is working with all the major chipmakers, including Intel, AMD and Qualcomm, to make processors that feature secure encryption keys burned into the chips during the manufacturing process. Since the system depends on new hardware to protect your PC, you won't be able to download a software update to protect your existing PC against firmware-level attacks. That said, there's a good chance your next Windows computer will come with the feature built-in. One of the first devices that will include Secured-core PC is Microsoft's upcoming Surface Pro X, with devices from Dell, Lenovo and Panasonic to follow.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
276 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Google AI can tell you how close your voice is to Freddie Mercury's

Google AI can tell you how close your voice is to Freddie Mercury's

View
Google demos Stadia UI and lists several missing launch features

Google demos Stadia UI and lists several missing launch features

View
Opera's latest browser update will show you how much you're being tracked

Opera's latest browser update will show you how much you're being tracked

View
Stanford publishes its massive Apple Watch heart-rate study

Stanford publishes its massive Apple Watch heart-rate study

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr