Secured-core PCs protect your data down to the hardware

What you need to know

  • Microsoft partnered with several PC manufacturers to create Secured-core PCs.
  • These PCs protect data and devices at a hardware, firmware, and software level.
  • Dell, Dynabook, HP, Lenovo, Panasonic, and Microsoft all have devices that are Secured-core PCs.

As attackers use more advanced ways to gather data and steal identities, PC-makers have to utilize new ways to improve security. Microsoft partnered with several PC manufacturers to create devices that called "Secured-core PCs." These devices use security measures at the hardware, firmware, and software levels to protect data and user identities. Dell, Dynabook, HP, Lenovo, Panasonic, and Microsoft have devices that are Secured-core PCs.

Secured-core PCs are aimed at users that have highly sensitive data, such as people working in healthcare, financial services or for the government. Though, the devices are generally available to consumers, so anyone who wants to have extra security could utilize the options on their Secured-core PC. For example, the Lenovo ThinkPad X1 Yoga 4th Gen and Lenovo ThinkPad X1 Carbon 7th Gen are both Secured-core PCs.

Attackers often utilize firmware to attempt to access PCs. Firmware has the ability to make changes to devices that even software and the operating system of a device can't. As a result, attackers that utilize firmware can bypass many security measures and gain access to sensitive data. Attacks that target firmware can undermine secure boot and other security measures. Endpoint protection and detection solutions don't have full visibility and access to the firmware layer, which means that attacks can circumvent these as well.

To combat firmware level attacks, Windows Defender now implements System Guard Secure Launch. Supporting this is a requirement for Secured-Core PCs and uses new hardware capabilities from AMD, Intel, and Qualcomm. Microsoft explains that System Guard uses capabilities that are built into silicon from major chip manufacturers,

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from AMD, Intel, and Qualcomm to enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path. This mechanism helps limit the trust assigned to firmware thereby providing a powerful mitigation against cutting-edge, targeted threats against firmware. This capability also helps to protect the integrity of the virtualization-based security (VBS) functionality implemented by the hypervisor from firmware compromise.

Secured-core PCs leverage a number of technologies to isolate hardware, detect attacks using software, and protect devices from attacks that utilize firmware. A page from Microsoft dedicated to Secured-core PCs explains each level of security and includes a helpful video summary for anyone looking to utilize the security of these devices. It also includes a full list of Secured-core PCs.

Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.