TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

UEFI Secure Launch can detect malicious firmware code for Windows 10 security

Microsoft has outlined a new Secure Launch mechanism to safeguard PCs against malicious firmware code. Secure Launch on Windows 10 is designed to safeguard your PC against sophisticated boot attacks. At first, it allows the execution of untrusted code during the boot process but then it takes control of the CPU processes so that the system is successfully launched into a trusted state. The core functionality of the Secure Launch is to filter out early Unified Extensible Firmware Interface (UEFI) code from the trust boundary.

UEFI-Secure-Launch-Windows-10

What is Secure Launch?

Windows 10 has so many built-in features to prevent advanced hardware and firmware attacks. But for these features to work as intended, Microsoft says the platform’s firmware and hardware must be trustworthy and healthy. A trusted source encrypts every component in the boot process for validation purposes. If attackers tamper with those components, they could gain unauthorized control over Windows 10 security features that use the firmware and hardware.

This is where the Secure Launch comes in handy. In its recent blog post, Microsoft said:

“Secure Launch is the first line of defense against exploits and vulnerabilities that try to take advantage of early-boot flaws or bugs. Firmware enclaves and built-in silicon instructions allow systems to boot into a trusted state by forcing untrusted, exploitable code down a specific and measured path before launching into a trusted state.”

How Secure Launch on Windows 10 works?

Divided into two phases, the first phase in the Windows boot environment runs with UEFI and benefits from boot services considered untrusted for Secure Launch. During the second phase, the trusted portion runs in the absence of firmware services. The second phase (trusted phase) only runs a portion necessary to perform a Dynamic Root of Trust Measurement (DRTM) event.

Secure Launch on Windows 10 safeguards Secure Management Mode

Ensuring the safety of System Management Mode (SMM) is of paramount importance. Well, the SMM handles power management, hardware configuration, thermal monitoring, and more. Hence, if an attacker can exploit SMM, they can easily bypass some of the checks in Secure Launch or even worse, they can also exploit the runtime operating system. Thanks to Secure Launch, Windows 10 PCs can detect when SMM is trying to access a critical platform resource such as memory, IO, or certain CPU registers.

Secure Launch works well with support for components, as follows:

  1. Intel, AMD, or ARM virtualization extensions
  2. Trusted Platform Module (TPM) 2.0
  3. On Intel: TXT support in the BIOS
  4. On AMD: SKINIT package must be integrated in the Windows system image
  5. On Qualcomm: Implements DRTM TrustZone application and supports SMC memory protections.
  6. Kernel DMA Protection

On secured-core PCs, System Guard Secure Launch with SMM Protection is enabled by default.

Published on Tags:

AnandKhanse@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP (2016-2022). He enjoys following and reporting Microsoft news and developments in the world of Personal Computing.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap