To combat threats specifically targeted at the firmware and operating system levels, Microsoft announced a new initiative with its partners to design what they call Secured-core PCs.
These devices meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system. These devices are designed for industries like financial services, government and healthcare, and for workers that handle highly-sensitive IP, customer or personal data, including PII as these are higher value targets for nation-state attackers.
In late 2018, security researchers discovered that hacking group, Strontium has been using firmware vulnerabilities to target systems in the wild with malware delivered through a firmware attack. As a result, the malicious code was hard to detect and difficult to remove – it could persist even across common cleanup procedures like an OS re-install or a hard drive replacement.
Firmware is used to initialize the hardware and other software on the device and has a higher level of access and privilege than the hypervisor and operating system kernel thereby making it an attractive target for attackers. Attacks targeting firmware can undermine mechanisms like secure boot and other security functionality implemented by the hypervisor or operating system making it more difficult to identify when a system or user has been compromised. Compounding the problem is the fact that endpoint protection and detection solutions have limited visibility at the firmware layer given that they run underneath of the operating system, making evasion easier for attackers going after firmware.
Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them. Windows Defender System Guard and Secured-core PC devices are designed to provide the ecosystem of Windows 10 devices with uniform assurances around the integrity of the launched operating system and verifiable measurements of the operating system launch to help mitigate against threats taking aim at the firmware layer.
The built-in measurements can be used by SecOps and IT admins to remotely monitor the health of their systems using System Guard runtime attestation and implement a zero-trust network rooted in hardware.
Starting with Windows 8, Microsoft introduced Secure Boot to mitigate the risk posed by malicious bootloaders and rootkits that relied on Unified Extensible Firmware Interface (UEFI) firmware to only allow properly signed bootloaders like the Windows boot manager to execute. However, since firmware is already trusted to verify the bootloaders, Secure Boot on its own does not protect from threats that exploit vulnerabilities in the trusted firmware.
Using new hardware capabilities from AMD, Intel, and Qualcomm, Windows 10 now implements System Guard Secure Launch as a key Secured-core PC device requirement to protect the boot process from firmware attacks. System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path. This mechanism helps limit the trust assigned to firmware and provides powerful mitigation against targeted threats against firmware. This capability also helps to protect the integrity of the virtualization-based security (VBS) functionality implemented by the hypervisor from firmware compromise. VBS then relies on the hypervisor to isolate sensitive functionality from the rest of the OS which helps to protect the VBS functionality from malware that may have infected the normal OS even with elevated privileges. Protecting VBS is critical since it is used as a building block for important OS security capabilities like Windows Defender Credential Guard which protects against malware maliciously using OS credentials and Hypervisor-protected Code Integrity (HVCI) which ensures that a strict code integrity policy is enforced and that all kernel code is signed and verified.
Being able to measure that the device booted securely is another critical piece of this additional layer of protection from firmware compromise that gives admins added confidence that their endpoints are safe. That’s why Microsoft implemented Trusted Platform Module 2.0 (TPM) as one of the device requirements for Secured-core PCs. By using the Trusted Platform Module 2.0 (TPM) to measure the components that are used during the secure launch process, Microsoft help its customers enable zero trust networks using System Guard runtime attestation. Conditional access policies can be implemented based on the reports provided by the System Guard attestation client running in the isolated VBS environment.
In addition to the Secure Launch functionality, Windows implements additional safeguards that operate when the OS is running to monitor and restrict the functionality of potentially dangerous firmware functionality accessible through System Management Mode (SMM).
Beyond the hardware protection of firmware featured in Secured-core PCs, Microsoft recommends a defense-in-depth approach including security review of code, automatic updates, and attack surface reduction. Microsoft has provided an open-source firmware project called Project-Mu that PC manufactures can use as a starting point for secure firmware.
AMD said its upcoming Ryzen processors are Secured-core PC compatible.
Devices verified as Secured-core PC include those from Dell, Dynabook, HP, Lenovo and Panasonic.