
Microsoft announces Secured-core PCs to counter firmware attacks - vividmind
https://venturebeat.com/2019/10/21/microsoft-announces-secured-core-pcs-to-counter-firmware-attacks/
======
Tepix
Here's the Microsoft URL: [https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers](https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers)

One part of this is _System Guard Secure Launch_ which is documented at [https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection)

Unsurprisingly, TPM 2.0 is also part of the package.

Here's a really interesting tidbit: _"Additionally, Windows monitors and restricts the functionality of potentially dangerous firmware through System Management Mode (SMM)."_

Does this offer protection against malware that uses SMM as an attack vector?
Or does this protection run as SMM?

In terms of features and protections, how does Secured-core compare to the
state of the art in mobile devices and their locked bootloaders?

I wonder if Linux can take advantage of secured-core (or parts thereof)?

So many questions...
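As an added example, not code from the post, from VentureBeat or from Microsoft: a PowerShell check that reports which of the building blocks named above (TPM 2.0, Secure Boot, virtualization-based security, System Guard Secure Launch, SMM firmware measurement) a given Windows machine actually has running. It assumes Windows 10 1809 or later (so the `root\Microsoft\Windows\DeviceGuard` namespace exists) and an elevated session; the function name `Get-SecuredCoreStatus` is my own, and the numeric service codes are the ones Microsoft documents for the `Win32_DeviceGuard` class.

```powershell
# Added example (not from the linked article or Microsoft): report which
# Secured-core building blocks a Windows machine exposes. Assumes Windows 10
# 1809+ (DeviceGuard WMI namespace present) and an elevated PowerShell session.

# Service codes as documented for Win32_DeviceGuard.SecurityServices{Configured,Running}
$script:SecurityServiceNames = @{
    1 = 'Credential Guard'
    2 = 'Hypervisor-protected Code Integrity (HVCI)'
    3 = 'System Guard Secure Launch'
    4 = 'SMM Firmware Measurement'
}

function Get-SecuredCoreStatus {
    [CmdletBinding()]
    param()

    # Virtualization-based security state and the services layered on top of it
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction Stop

    # TPM presence and spec version; SpecVersion is a string such as "2.0, 0, 1.38"
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName 'Win32_Tpm' -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; treat that as "off"
    $secureBoot = try { [bool](Confirm-SecureBootUEFI) } catch { $false }

    # Map the numeric codes to names; code 0 means "no services" and is dropped
    $configured = @($dg.SecurityServicesConfigured) | Where-Object { $_ -ne 0 } |
                  ForEach-Object { $script:SecurityServiceNames[[int]$_] }
    $running    = @($dg.SecurityServicesRunning)    | Where-Object { $_ -ne 0 } |
                  ForEach-Object { $script:SecurityServiceNames[[int]$_] }

    [pscustomobject]@{
        TpmSpecVersion        = $tpmSpec
        TpmReady              = if ($tpm) { [bool]($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue) } else { $false }
        SecureBoot            = $secureBoot
        # 0 = VBS not enabled, 1 = enabled but not running, 2 = running
        VbsStatus             = $dg.VirtualizationBasedSecurityStatus
        ServicesConfigured    = @($configured)
        ServicesRunning       = @($running)
        SecureLaunchRunning   = 3 -in @($dg.SecurityServicesRunning)
        SmmMeasurementRunning = 4 -in @($dg.SecurityServicesRunning)
    }
}

Get-SecuredCoreStatus | Format-List
```

The two boolean fields at the end are the ones that matter for the SMM question in the post: `SecureLaunchRunning` says whether the DRTM-based launch is active, and `SmmMeasurementRunning` says whether Windows is measuring the SMM firmware. A machine can report TPM 2.0 and Secure Boot and still show both as `False`, which is the usual state on hardware that is not a Secured-core PC.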

