Microsoft announces Secured-core PCS to counter firmware attacks
venturebeat.comHere's the Microsoft URL: https://www.microsoft.com/en-us/windowsforbusiness/windows10...
One part of this is System Guard Secure Launch which is documented at https://docs.microsoft.com/en-us/windows/security/threat-pro...
Unsurprisingly, TPM 2.0 is also part of the package.
Here's a really interesting tidbit: "Additionally, Windows monitors and restricts the functionality of potentially dangerous firmware through System Management Mode (SMM)."
Does this offer protection against malware that uses SMM as an attack vector? Or does this protection run as SMM?
In terms of features and protections, how does Secured-core compare to the state of the art in mobile devices and their locked bootloaders?
I wonder if Linux can take advantage of secured-core (or parts thereof)?
So many questions...