Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Microsoft Announces New Way to Securely Boot a Computer

October 22, 2019

It is a constant battle to provide a safe computing environment for users. One challenge is dealing with the computer firmware as the machine boots. If the bad guys can attack the firmware, they can basically get in front of the operating system and get total control. Microsoft thinks it may have a solution. As PCWorld reported, "Microsoft, chipmakers, and several PC makers on Monday announced Secured-core PCs, which use hardware-based defense mechanisms to combat firmware-level security attacks." According to Microsoft, "Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system."

Basically, the machine would first boot from the firmware like it does right now. Under the new design, there is a limit as to how much the processor trusts the firmware to define the path to code execution. Instead, the processor will call on Microsoft's bootloader for additional instructions. Think of it as placing the system in a trusted state for booting. This prevents any virtualization capabilities from being compromised before starting up. This is propeller head stuff, but should give us more secure machines.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com