
Surface Duo sports 'custom engineered UEFI' to directly address security threats


What you need to know

  • Microsoft developed a custom UEFI for Surface Duo's firmware.
  • The company says this will allow it to review every line of firmware code.
  • This should allow Microsoft to "respond directly and agilely, to potential firmware threats," the company says.

After launching the Surface Duo last week, Microsoft published documentation on its approach to security in the new device. A lot of the security features Microsoft outlines are standard for any Android phone. However, there are a couple of custom bits that stand out.

The most notable addition is Microsoft's "custom engineered" Unified Extensible Firmware Interface (UEFI). This gives Microsoft "full control" over firmware components, and it's something the company already uses in its other Surface devices.

"Microsoft delivers Enterprise-grade security to Surface Duo by writing or reviewing every line of firmware code in house, enabling Microsoft to respond directly and agilely, to potential firmware threats and to mitigate supply chain security risks," Microsoft says in its documentation. Notably, that means Microsoft could act independently and more quickly address any firmware vulnerabilities it detects.

On the other hand, it could mean an Android patch wouldn't be compatible with Duo and could take more engineering time to apply. This is something we already see with other high-end Android phones, so it wouldn't be surprising. However, it will be interesting to see what the pace of security updates from Microsoft is once it launches.

The second notable addition from Microsoft is Microsoft Defender ATP. This is an "enterprise grade antivirus and malware protection software" that is available across both Windows 10 and Android devices. Note that this requires Android devices to be managed through Intune.

Because Surface Duo is being pitched as a productivity device, security is an important piece of the puzzle. Leaning on Android's standard set of security and management features should make it easier for large companies and organizations to adopt, and Microsoft's custom UEFI augments those capabilities.

Surface Duo is available to preorder now starting at $1,400 from Microsoft, Best Buy, and AT&T.


Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

5 Comments
  • I'm surprised that the Surface Duo, an Android device, uses a UEFI as opposed to a mere bootloader, which on normal Android devices simply serves to initialize hardware and start the kernel and rest of the OS. It's not exactly a UEFI like in the traditional PC sense. Would be interesting to see how exactly Microsoft's implementation interacts with the Android OS.
  • This is not surprising since all Windows 10 Mobile devices had a UEFI firmware rather than a locked bootloader for a specific operating system.
  • I wonder because it is designed to be PC-like, this may become a bit easier for modders considering Surface Duo has an unlockable bootloader. Maybe other OSes like Windows and some Linux may indeed be easier to install on the device?
  • A UEFI eh? Hmmmm.....🤔
  • I can see this flexibility being useful for certain enterprises. Makes me think how well a cheaper (and potentially lower spec'd) Surface phone could potentially sell as hot cakes to big businesses.