Thanks to a new Microsoft design directive, new Windows laptops from Lenovo, Panasonic, Dell, and HP could be the most hacker-resistant yet. The directive ensures that “Secured-core PCs” come equipped with a new hardware modification that protects the underlying firmware of the system, preventing attackers from stealing sensitive information like encryption keys and from gaining root system access.
One of the most ingenious ways hackers have targeted Windows PCs in recent years has been by going after the underlying Unified Extensible Firmware Interface (UEFI), which helps PCs get started once you hit the power switch. Although software protections like Microsoft’s Secure Boot will ward off attacks against the operating system, if the UEFI itself is compromised, neither Secure Boot nor any other protective measure like anti-malware software can do a thing to stop the attack.
That’s why many organizations have been advocating for a stronger root of trust, founded in protective hardware, and it seems Microsoft has been listening. The secure core will check the firmware on a system during startup to make sure that it’s legitimate and not infected. It is also protected by encryption for which only the device manufacturers hold the decryption keys, adding a secondary layer of anti-tamper protection to the new security system.
This isn’t entirely dissimilar to what we’ve seen other hardware developers like Apple do, with specialized chips confirming the firmware is protected. But where Apple can control all of the hardware in its products and typically uses chips from one or two manufacturers, Microsoft’s Windows is found on devices with AMD, Intel, and ARM CPUs at the core, among others. It appears that Microsoft has, in concert with these manufacturers, developed a system that will work for all of them.
Microsoft confirmed to Digital Trends that the secured core solution includes hardware that is both on and off the CPU die.
In any case, the new Secure Core hardware configuration and sticker-clad certification will be available in high-end and business-focused devices. The first to support it is Microsoft’s own Surface Pro X, although Microsoft has also confirmed it for new editions of the Lenovo ThinkPad X1 Yoga, ThinkPad X1 Carbon, Panasonic Toughbook 55, Dell Latitude 5300 2-in-1, and 7400 2-in-1. The HP Elite Dragonfly, Dynabook Portege X30-F, Tecra X40-F, and X50-F will also be certified with this new hardware and protective ecosystem.
Updated on October 22: Added Microsoft clarification on the location of secured core hardware.