The concept of the Secured-core PC is not exactly new: Microsoft presented Secured-core PCs based on Windows 10 in 2019, explaining that the goal of these systems was to provide an advanced level of security and protection against cyber threats. Secured-core PCs are systems designed to ensure that the firmware, operating system and hardware are protected from sophisticated cyber attacks and are resistant to various forms of security compromise.
Surface devices are all Secured-core PCs
For the first time, as Microsoft certifies starting today, all Surface devices automatically become Secured-core PCs. In the case of Surface, in fact, Microsoft independently writes the firmware and the basic software, thus maintaining full control over the security and operation of the products, somewhat in the style of Apple.
Scott Fudally, vice president of Surface development, highlights that the firmware ensures that all software subsequently loaded onto the system is secure and authenticated. It also checks that components such as cameras, microphones and other essential elements of the Surface operate safely and have not undergone any kind of modification.
By placing all Surfaces under the Secured-core PC umbrella, Microsoft simplifies software updates and the correction of any vulnerabilities. Recently the company led by Satya Nadella made a commitment to guarantee six years of updates for firmware and drivers for all Surface devices released starting in 2021.
The unified stack that Surface can benefit from and the integration with Windows Update, Microsoft explains, allow the company’s technicians to create and distribute updates more quickly.
Secure passwordless access and centralized management
Surfaces also take full advantage of Windows Hello and of passwordless sign-in to the system, using biometric verification or a PIN. The devices leverage hardware and software components designed to isolate and protect biometric credential data, offering protection against advanced threats.
Using MDM (Mobile Device Management) tools such as Microsoft Intune, IT administrators can control the components of Secured-core PC Surface devices directly at the firmware level. Imagine a situation in which a company that manages sensitive data must, based on current regulatory constraints, disable the ability to use cameras, microphones, Bluetooth or USB boot on client devices. The solution proposed by Microsoft allows administrators to impose limitations that cannot be bypassed and to make them less restrictive when necessary.
Secure Boot checks components such as the bootloader at startup to ensure they have not been tampered with; Microsoft also mentions System Guard Secure Launch as one of the security features. At the operating system level, Surface uses components such as Hypervisor Code Integrity (to block unverified code from running on the system), Windows Hello, and BitLocker encryption.
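One way to confirm on a given Windows device that the protections named above are actually active, as an added example that is not from the article or from Microsoft. It assumes an elevated PowerShell session with the BitLocker module available, treats "Hypervisor Code Integrity" as the HVCI service reported by `Win32_DeviceGuard`, and does not cover Windows Hello; the function name `Get-SecuredCoreStatus` is hypothetical.

```powershell
# Added example: report the state of the boot and OS protections the article lists.
# Run elevated on the device being checked.

function Get-SecuredCoreStatus {
    # Secure Boot: the cmdlet returns $true/$false and throws on legacy BIOS
    # or when not elevated, so an error is recorded as "unknown" ($null).
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    # Virtualization-based security state is exposed through Win32_DeviceGuard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $running = @()
    $vbs     = $null
    if ($dg) {
        $running = @($dg.SecurityServicesRunning)                 # services currently running
        $vbs     = ($dg.VirtualizationBasedSecurityStatus -eq 2)  # 2 = enabled and running
    }

    # BitLocker protection on the operating system volume.
    try {
        $vol       = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $bitLocker = ($vol.ProtectionStatus -eq 'On')
    } catch { $bitLocker = $null }

    [pscustomobject]@{
        SecureBoot        = $secureBoot
        VbsRunning        = $vbs
        Hvci              = ($running -contains 2)   # 2 = hypervisor-enforced code integrity
        SecureLaunch      = ($running -contains 3)   # 3 = System Guard Secure Launch
        BitLockerOsVolume = $bitLocker
    }
}

$status = Get-SecuredCoreStatus
$status | Format-List

# List every protection that could not be confirmed as active.
$unconfirmed = $status.PSObject.Properties |
    Where-Object { $_.Value -ne $true } |
    Select-Object -ExpandProperty Name
if ($unconfirmed) {
    Write-Warning ("Not confirmed active: " + ($unconfirmed -join ', '))
}
```

A `$null` value means the check itself could not run (for example, a non-elevated session), which is different from a protection that is present but switched off.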
The Secured-core PC initiative aims to be a stimulus for the adoption of Windows 11
Users are slowly switching to Windows 11, especially in the enterprise. With Secured-core PC, Microsoft wants to combine the security improvements of Windows 11 with defenses implemented at the hardware, firmware and software levels to create an ecosystem of products capable of keeping data safe and secure. The “Security by Design” and “Privacy by Design” visions are meant to be less slogans and more guarantees immediately available to users, without requiring particular modifications or configurations on their systems.
We said some time ago that the entry of Rust code into the Windows 11 kernel is good news. Today Microsoft takes a further step by explaining that the company’s developers are rewriting in Rust all firmware code and software components strictly related to the security of each device.
In fact, it has been proven that Rust reduces vulnerabilities related to memory safety by as much as 70%, presenting itself as the safer programming language when critical components need to be written.
In addition to making its way into Windows 11, Rust is increasingly an integral part of Azure and Surface devices themselves.