

Trusted Platform Module Technology Overview

PCR - Platform Configuration Registers that secure measurements and relevant metrics to detect changes to previous configuration.

Trusted Platform Module - Dedicated microcontroller designed to secure hardware through integrated cryptographic keys. Encrypts and stores keys (BitLocker, Windows Hello, AD Credentials).

Software that configures the device and boots Windows 10. Controls initial boot of device and Windows 10, then provides firmware runtime services to the OS. Ensures significantly more control over the hardware of a device through SEMM on-prem management and DFCI cloud-based management through Microsoft Intune admin center.

Microsoft designed and built components

Every layer of Surface from chip to cloud is maintained by Microsoft, giving you ultimate control, proactive protection, and peace of mind wherever and however work gets done. Surface devices ship with the strongest security protocols Microsoft offers and enable streamlined management that reduces IT complexity and helps users stay focused on their work. Surface drives security through a defense-in-depth approach by utilizing a layering of independent defensive sub-components. From chip to cloud, or from a UEFI that ensures a Root of Trust to the AI-powered Microsoft Defender for Endpoint that works to prevent, detect, investigate, and respond to advanced threats, Surface enforces the position that built-in from Microsoft is better than bolt-on.

Microsoft provides full transparency of the codebase in our UEFI through the Open Source Project Mu on GitHub, managed by Microsoft Intune admin center.

Recent advances in security research demonstrate that as more protections are built into the OS and connected services, attackers are looking for other avenues of exploitation, with firmware emerging as a top target. Today, managing device firmware is an inconsistent experience and often involves third-party providers, making firmware challenging to monitor and complicated to maintain. Ultimately, this can limit the ability of hardware manufacturers to detect and push out timely updates in response to threats.

Microsoft Surface has been using a unified approach to firmware protection and device security since 2015 through complete end-to-end ownership of the hardware design, in-house firmware development, and a holistic approach to device updates and management. For Surface, our Unified Extensible Firmware Interface (UEFI) is maintained in-house, regularly updated through Windows Update, and seamlessly deployed for management through Windows Autopilot, minimizing risk and maximizing control at the firmware level before the device boots.
