Microsoft and partners toughen firmware defense

For many people who are not technology professionals, the word "firmware" appears negative for the first time. The news of the last few years has repeatedly used the word to report attacks. What is the firmware? If the software is "soft", is it just another word for hardware?

The firmware is actually "the code that defines the relationship between hardware and software", stated Igor Bonifacic in Engadget, and is "vital for any computer". The crucial role played by hardware manufacturers, however, is that the firmware is often written by them, he pointed out, rather than by the developers of the operating system. "This means that there are countless different varieties of firmware, each with its own specific set of oddities and vulnerabilities."

Microsoft security people have decided it's enough with oddities and vulnerabilities. They are being born for more stringent requirements, more stringent protection against firmware threats. Microsoft and some hardware partners are looking for solutions to eliminate threats against PC firmware.

David Weston, director of operating system security at Microsoft, talked about the fundamentals with Lily Hay Newman in Wired. "The firmware works at a privileged level. It is the thing that starts the machine – it plays a fundamental role. However the firmware is not integrated in update systems such as Windows updates and for companies their visibility in the firmware is generally relatively limited . privileged and there are many opportunities for bugs ".

Their decision to offer PC protections against targeted firmware attracted headlines this week. Now Microsoft's OEM partners will be able to respond to the new Microsoft Secured-core PC initiative.

Brandon Hill of HotHardware commented on the discomfort for evil actors. "There is no doubt that we live in relatively dangerous times with regards to computer security problems. It has not been a week since we hear about app malware, the database of some customers of large companies being looted or devices themselves subject to low-level attacks ".

Weston told viewers of the Microsoft Security site what this "PC protected" move is about.

Who: will interest the devices created in collaboration with PC manufacturers and Microsoft silicones.

What: a specific set of device requirements that applies the best security practices of "minimal isolation and reliability at the firmware level or core of the device" that underlies Windows. The devices are designed specifically for areas such as financial services, government, healthcare. Furthermore, it is intended for workers who manage IP data, customers and sensitive personnel.

How: Microsoft has partnered with partners to make sure the new features are shipped in ready-to-use devices.

"Windows 10 now implements System Guard Secure Launch as a key requirement for protected PC devices to protect the boot process from firmware attacks."

They turned to the features of AMD, Intel and Qualcomm.

Newman developed in Wired. "Microsoft has partnered with AMD, Intel and Qualcomm to create new chips for central processing units that can perform integrity checks during boot-up in a controlled and encrypted way. Only chip makers will hold the encryption keys for mediate these checks, and burned down on CPUs during production. "

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) features integrated into the silicon of AMD, Intel and Qualcomm.

According to the Microsoft Security site, "System Guard uses the Dynamic Root of Trust for Measurement (DRTM) features integrated into the latest silicon from AMD, Intel and Qualcomm to allow the system to leverage the firmware to start the hardware and therefore shortly after having reinitialized the system in a reliable state using the boot loader of the operating system and the processor's capabilities to send the system along a known and verifiable code path.

"This mechanism helps to limit the trust assigned to the firmware and provides powerful mitigation against cutting-edge and firmware-targeted threats. This feature also helps protect the integrity of virtualization-based security (VBS) functionality. implemented by the hypervisor from firmware compromise VBS then relies on the hypervisor to isolate sensitive functionality from the rest of the operating system, which helps protect VBS functionality from malware that may have infected the normal operating system too with elevated privileges. "

OK, so, thanks to Igor Bonifacic in Engadget, his readers had an idea of ​​what happens when the Secured-core PC is put into operation.

Bonifacic: "… the firmware of a processor will turn on the system as usual, but then limits the amount of trust of its firmware to define the path of the code necessary to start the system. The processor will instead call the Microsoft bootloader for those L & The ultimate goal of the framework is to create a safe and reliable path that the processor can follow whenever it starts up the computer. A major advantage of this system is that it puts the emphasis on preventing attacks instead of detecting them . ".

The effort does not stop with the protection of hardware. C & # 39; something called your project. "In addition to hardware-based firmware protection on PCs with protected cores, Microsoft recommends an in-depth defense approach that includes code security review, automatic updates, and reduced attack surface. Microsoft provided an open source firmware project called Project -Mu that PC manufacturers can use as a starting point for secure firmware ".

Is the secured core PC the magic bullet? Don't you need to worry about hackers who stage firmware attacks? Weston of Microsoft is not so naive. "We will never say that it is impossible to compromise something," he said in Wired. "But we always want to increase costs, so it's prohibitive for most opponents."

What's next? "One of the first devices that will include the protected PC core is Microsoft's next Surface Pro X, which will be followed by devices from Dell, Lenovo and Panasonic," said Engadget.

Wired said that other models will eventually come out on the devices. "Protected core PCs will also have an identification sticker, so you will know what you will receive the next time you buy."

Thunderstrike 2: the Proof-of-concept worm could infect Macs

© 2019 Science X Network

quote:
Microsoft and partners strengthen the defense of firmware (October 23, 2019)
recovered on October 23, 2019
from https://techxplore.com/news/2019-10-microsoft-partners-toughen-firmware-defense.html

This document is subject to copyright. Apart from any equity for the purposes of study or private research, n
part may be reproduced without written permission. The content is provided for informational purposes only.

Comments are closed.