Microsoft today revealed that all Surface devices are Secure Core PCs or Secured-Core. Announced in 2022 for the first time, they combine hardware, software and firmware defenses to protect consumers from threats.
For those who didn't understand Microsoft will be writing its own firmware and software for Surface devices. It will control and manage "the entire ecosystem" to "keep data safe."
Recently, the company promised six years of firmware updates and drivers for all Surface devices released from 2021 and later.
Secured-Core computers must meet certain firmware and hardware requirements. Microsoft lists its requirements on a support page.
This includes Secure Boot, Trusted Platform Module 2.0, and root-level Direct Memory Access Protection. Surface devices have Secure Boot enabled by default and are set to trust only Microsoft firmware. The feature is designed to prevent malware from running at system startup.
Secure Boot verifies items such as bootloader at startup to make sure they haven't been tampered with.
Other requirements for Secured-Core computers include built-in defense against attacks at the firmware level. Microsoft mentions System Guard Secure Launch with System Management Mode isolation as one of the protective features.
At the operating system and software level, Hypervisor Code Integrity, Windows Hello and Bitlocker encryption will be integrated. Hypervisor Code Integrity is designed to prevent unverified execution code in the system.
Of course, all of the above remove the "property titles" from the end user, since they essentially cut off their access to other operating systems. Unless Microsoft decides to release firmware and drivers for Mac-Linux as well.