Microsoft unveils plan to apply Xbox-like security measures to Windows PCs
A new 'Secured-core PC' initiative aims to thwart sophisticated firmware attacks.
Microsoft has announced a new 'Secured-core PC' initiative that aims to harden the security in Windows PCs at the firmware level. According to Microsoft this is a necessary step, as hackers increasingly turn their attention away from software vulnerabilities and towards "other avenues of exploitation with firmware emerging as a top target."
The firmware in a PC is what's commonly referred to as the BIOS. Today's systems rely on Unified Extensible Firmware Interface (UEFI) firmware, which is technically different than a BIOS, though the general function is the same. It's essentially a low-level software routine to configure settings before booting the operating system.
Firmware level attacks are especially troublesome because they are difficult to detect and remove (they can survive a clean wipe of the OS), and give hackers deep access to a system. They're also becoming more common. Microsoft points out that firmware attacks have increased five-fold in the last three years, based on information in NIST's National Vulnerability Database.
The Secured-core PC initiative is Microsoft's answer to this, and it is working with AMD, Intel, Qualcomm, and OEM partners to ensure it's widely adopted. A certified Secured-core PC combines identity, virtualization, OS, hardware, and firmware protection as an added layer of protection.
"Using new hardware capabilities from AMD, Intel, and Qualcomm, Windows 10 now implements System Guard Secure Launch as a key Secured-core PC device requirement to protect the boot process from firmware attacks. System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path," Microsoft explains.
If reading that explanation makes your head spin, so will the rest of Microsoft's blog post on the topic. For further reading, AMD has published a related blog post of its own that discusses how it's enabling Secured-core PC functions in its next-gen Ryzen processors.
There's a lot of technobabble to wade through. What it boils down to, however, is better cooperation between the hardware and software. As explained by Wired, new processors are being built to run integrity checks during the boot process, with only chip makers holding the necessary encryption keys for these checks.
"It's rooted in the CPU and no longer in the firmware, because it still boots early," says David Weston, director of operating system security at Microsoft. "But if there's anything tampered with, the system code would identify this and shut everything down. So we're taking firmware and any potential compromise out of the circle of trust."
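A toy model of the difference between a firmware-rooted measurement chain and the CPU-rooted one described above, added here as an illustration and not taken from Microsoft, AMD, or any vendor code. The names `ToyTPM`, `boot` and `verify` and the sample images are assumptions made for this example; real Secure Launch uses more PCRs and vendor-specific launch instructions.

```python
import hashlib

ZERO, ONES = bytes(32), b"\xff" * 32

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ToyTPM:
    """Two PCRs only: 0 (static chain) and 17 (dynamic launch)."""
    def __init__(self):
        # PCR 17 reads all-ones until the CPU performs a dynamic launch.
        self.pcr = {0: ZERO, 17: ONES}

    def extend(self, index: int, measurement: bytes) -> None:
        # PCRs cannot be written, only extended: new = H(old || measurement)
        self.pcr[index] = sha256(self.pcr[index] + measurement)

    def dynamic_launch(self, loader: bytes) -> None:
        # Modelled as one CPU-driven step: reset PCR 17, then measure the loader.
        self.pcr[17] = ZERO
        self.extend(17, sha256(loader))

# Constructed sample images, not real firmware or boot loaders.
GOOD_FW, BAD_FW = b"vendor firmware v1", b"vendor firmware v1 + implant"
GOOD_LOADER, BAD_LOADER = b"os loader v1", b"os loader v1 + patch"

def boot(firmware: bytes, loader: bytes, forge_static: bool = False) -> dict:
    tpm = ToyTPM()
    # Static chain: the firmware supplies the measurement of itself, so
    # tampered firmware can report the known-good digest instead.
    tpm.extend(0, sha256(GOOD_FW if forge_static else firmware))
    # Dynamic chain: the CPU, not the firmware, measures what it launches.
    tpm.dynamic_launch(loader)
    return tpm.pcr

def verify(pcrs: dict) -> dict:
    """Compare reported PCRs with values from a known-good boot."""
    golden = boot(GOOD_FW, GOOD_LOADER)
    return {"static_ok": pcrs[0] == golden[0], "dynamic_ok": pcrs[17] == golden[17]}

if __name__ == "__main__":
    print(verify(boot(BAD_FW, GOOD_LOADER)))                     # honest tamper
    print(verify(boot(BAD_FW, GOOD_LOADER, forge_static=True)))  # forged PCR 0
    print(verify(boot(BAD_FW, BAD_LOADER, forge_static=True)))   # loader swapped
```

In the second case the static PCR looks clean even though the firmware was modified, which is why a verifier relying on the dynamic launch checks PCR 17 instead: its value depends only on what the CPU measured.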
Microsoft already employs a similar strategy on its Xbox consoles, which are locked down even tighter than PCs.
"Xbox has a very advanced threat model because we don't trust the user even in physical possession of the device," Weston told ZDNet. "We don't want the user to be able to hack the console to run their own games."
"Also, when you take it out of the game domain and you put into the real-world physical domain, you want the same guarantee that an attacker cannot access your code and data. We took our own learnings and worked with silicon vendors to develop a strategy to deal with advanced threats," Weston added.
Certified Secured-core PCs are already available from Dell, Dynabook, HP, Lenovo, and Panasonic, along with Microsoft's latest Surface products (there's a full list here). It's not clear if or when this initiative will extend specifically to gaming PCs.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).


