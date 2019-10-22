MICROSOFT HAS COOKED UP a new way to keep your computer safe from hackers trying to exploit firmware with its Secured-core PCs initiative.

Hackers are increasingly trying to get their attacks past security measures by attacking the firmware level and thus the mechanism by which hardware interacts with software.

Given the number of hardware makers out there, there's a heck of a lot of variation in firmware when compared to the Windows 10 operating system, for example. This whole shebang makes it difficult to ensure a machine is well locked down.

While Microsoft Secure Boot does go some way to prevent hacks from being executed when a system boots up, it relies upon trusting firmware, meaning if that firmware was compromised, Secure Boot would still assume it was safe.

Secured-core PCs aim to change this by essentially combining a load of Windows 10 security features - such as Trusted Platform Module 2.0 and System Guard - to allow the firmware to power up a system then pass over control to Windows bootloader whereby the process will continue via a trusted code path. The process in effect limits the amount of trust given to hardware firmware.

At the same time, Microsoft has worked with the likes of Intel, Qualcomm and ARM to have Secured-core PCs tap into the in-built security features of chips in order to help send a system down "a well-known and verifiable code path".

Secured-core is not a security system in itself but a set of capabilities and standards a machine will be expected to have if it's to be deemed a Secured-core PC.

Microsoft is working with the likes of HP, Lenovo, and Dell to bring such machines to the market. While Secured-core PCs will pop up in the consumer world, with the Surface Pro X set to be one of the first, they seem more aimed at enterprises, notably those that "handle mission-critical data in some of the most data-sensitive industries like government, financial services, and healthcare".

But it's good to see Microsoft taking measure not just to simply detect and block cyber attacks but find ways that can help prevent them in the first place. µ