Tag Archives: Secure Boot

The Microsoft Secured-core PC Initiative Explained!

Microsoft and their hardware partners just announced the Secured-core PC initiative to combat threats that target the PC’s firmware and operating system.

With help from David Weston, Partner Director of Microsoft OS Security, here is everything you need to know about the Secured-core PC initiative!

 

What Is The Secured-core PC Initiative?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices will be targeted at industries like financial services, government and healthcare, and anyone who work with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

 

Is There A Need For Secured-core PC?

As more protection is built into the operating system and connected services, attackers are exploring other methods with firmware emerging as a top target.

The NIST’s National Vulnerability Database shows a near 5X increase in the number of firmware vulnerabilities in the last 3 years :

In late 2018, security researchers discovered that the hacking group Strontium targeted systems in the wild with malware that made use of firmware vulnerabilities.

Because it targeted firmware, the malicious code was hard to detect, and difficult to remove. It even persists after the operating system is reinstalled, or the storage drive replaced!

 

Why Is Firmware The New Target?

Firmware is used to initialise the hardware and software when a device is started up. It therefore has a higher level of access and privileges than the hypervisor and operating system kernel.

This means firmware attacks that succeed can undermine protective mechanisms like Secure Boot that the hypervisor or operating system use to protect against malware.

Firmware attacks can more easily evade endpoint protection and detection solutions, because the latter run under the operating system layer, and therefore have limited visibility of the firmware layer.

 

What Is A Secured-core PC Made Up Of?

Secured-core PCs will combine multiple layers of protection – identity, virtualisation, operating system, hardware and firmware – to prevent attacks, rather than simply detecting them.

They all ensure that the device will boot securely and is protected against firmware vulnerabilities, shielding the operating system from attacks and preventing unauthorised access to the device and data.

Recommended : How AMD CPUs Work In A Secured-core PC Device

System Guard Secure Launch

Microsoft is now implementing System Guard Secure Launch in Windows 10 as a key Secured-core PC requirement.

System Guard uses the Dynamic Root of Trust for Measurement (DRTM) capabilities built into the latest processors from AMD, Intel and Qualcomm, to protect the boot process from firmware attacks.

The firmware is used to start the hardware, and then shortly after, re-initialise the system into a trusted state. This helps to limit the trust assigned to the firmware, greatly mitigating against firmware attacks.

This method also helps protect the integrity of the Virtualisation-Based Security (VBS) feature in the hypervisor against firmware vulnerabilities. This is critical because VBS is used for important OS security functions like Windows Defender Credential Guard and Hypervisor-protected Code Integrity (HVCI).

Trusted Platform Module 2.0

Microsoft is also implementing Trusted Platform Module 2.0 (TPM) as a device requirement for Secured-core PCs.

It is used to measure the components that are used during the secure launch process, allowing for zero trust networks using System Guard runtime attestation.

 

Secured-core PC Availability

Secured-core PC devices are available from Dell, Dynabook, HP, Lenovo, Panasonic and Microsoft’s own Surface brand.

 

Recommended Reading

Go Back To > Cybersecurity | ComputerHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The AMD Ryzen PRO Desktop CPU Tech Report

Right on the heels of the big reveal of the AMD EPYC 7000 Series (formerly known as AMD Naples) of enterprise server processors, AMD just announced the AMD Ryzen PRO family of desktop processors. Here is everything you need to know about them, including their specifications, key features and availability.

Updated @ 2017-09-03 : Added the first slew of desktop and notebook PCs that will ship soon.

Originally posted @ 2017-07-01

 

Enterprise-Grade Performance

The AMD Ryzen PRO processors are basically enterprise-grade versions of the AMD Ryzen 7 and Ryzen 5 processors. They have the same features performance characteristics as their consumer-grade brothers, like Precision Boost and Extended Frequency Range (XFR). The PRO versions just have additional security and remote management capabilities.

The slides above appear to have two typos. But the only important one you need to know is that, like the AMD Ryzen 7, the Ryzen 7 PRO has a peak frequency of 3.8 GHz.

[adrotate group=”1″]

 

The AMD Ryzen PRO Value Proposition

As our AMD Ryzen 7 1800X review has shown, the AMD Zen core is about 10% slower per clock cycle than the Intel Skylake core. It therefore comes to no surprise that AMD is focusing on their value proposition. They’re offering more cores at the same price points, delivering more performance per dollar.

Here are four spider charts that AMD created to show how much performance advantage the Ryzen PRO processors can offer over their direct Intel competitors. Like their consumer-grade brothers, these enterprise-grade processors directly compete with the 7th Generation Intel Core processors (formerly known as Kaby Lake).

With twice as many cores and threads, the AMD Ryzen 7 PRO 1700 appears to offer up to 73% better performance than the Intel Core i7-7700 in TrueCrypt (AES encryption).

The Ryzen 5 PRO 1600 offers 50% more processor cores and the ability to simultaneously process 3X more instruction threads than the Intel Core i5-7500. The end result – it was just over twice as fast in AES encryption using TrueCrypt, and almost twice as fast at rendering a 3D image in CINEBENCH R15.

The Ryzen 5 PRO 1500 has 4 cores, just like the Intel Core i5-7500, but its SMT capability allows it to process twice as many instruction threads. That allowed it to offer up to 76% better performance in 3DMark 11.

The Ryzen 3 PRO 1300 offers twice as many cores, albeit processing the same number of instruction threads, as the Intel Core i3-7100. That still allowed it to deliver up to 76% better performance in 3DMark 11.

Now, this is similar to what the consumer-grade AMD Ryzen 7 and Ryzen 5 processors already offer. So what extra features do these enterprise-grade desktop processors offer? Let’s find out!

Next Page > Key Features, Specifications & Availability

[adrotate group=”1″]

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Built-In Security Features

The AMD Ryzen PRO processors come with enterprise-grade security features called AMD Secure Technologies.

They consist of a 128-bit AES encryption engine and support for Windows 10 Enterprise Security, fTPM (firmware Trust Platform Module) and Secure Boot. They also support Transparent Secure Memory Encryption, which allows for independent encryption of memory contents with minimal performance impact.

AMD took care to point out that while similar security features are available with the Intel Core i7 and Core i5 vPro processors, there are no Core i3 vPro processors. This gives the AMD Ryzen 3 PRO processors a distinct advantage over the Core i3.

 

Greater Reliability & Manageability

Large enterprises are not just interested in performance. Reliability and manageability are arguably of greater concern to them. They also want supply chain certainty, so AMD guarantees the availability of every PRO model for 24 months. AMD will also reserve their highest yield wafers for these enterprise-grade processors, to ensure greater reliability.

Needless to say, these PRO processors have built-in remote management capabilities, similar to the Intel Active Management Technology that is part of Intel vPro. AMD implements the DASH (Desktop and mobile Architecture for System Hardware) open standard, while Intel AMT is proprietary in nature.

Again, AMD pointed out that these management and reliability features are not available for the Intel Core i3 processors, giving their AMD Ryzen 3 PRO processors a leg up in these aspects.

[adrotate group=”1″]

 

AMD Ryzen PRO Specifications

AMD has announced six PRO processors to start with, with the Ryzen 7 PRO and Ryzen 5 PRO processors mimicking the consumer-grade Ryzen 7 and Ryzen 5 processors already launched. Here is a simple table summarising their key specifications :

 

Desktop + Mobile Availability Updated!

According to AMD, Ryzen PRO-based PCs will start shipping in the second half of 2017., with these desktop PCs shipping shortly :

[adrotate group=”2″]
  • Dell Optiplex 5055 – shipping in the coming weeks
  • HP EliteDesk 705 – shipping in the coming weeks
  • Lenovo ThinkCentre M715 – shipping in the coming weeks

Laptop users are not forgotten though. AMD plans to release the Pro mobile processors in the first half of 2018. That said, they also announced that these laptops will ship by the end of the year :

  • Lenovo ThinkPad A475 and A275 laptops – shipping in Q4 2017

Next Page > The Complete Presentation & Press Release

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Official AMD Ryzen PRO Presentation Slides

Here is the complete set of the AMD Ryzen PRO presentation slides for your perusal.

[adrotate group=”1″]

 

The AMD Ryzen PRO Press Release

SUNNYVALE, Calif. — June 29, 2017 — Following the global excitement generated by the launch of its new EPYC family of server processors, AMD (NASDAQ: AMD) today added another tier to its enterprise CPU portfolio with the introduction of AMD Ryzen PRO desktop processors. Designed to meet the demands of today’s compute-intensive workplace, Ryzen PRO desktop processors will bring reliability, security, and performance to enterprise desktops worldwide.

“Today marks another important step in our journey to bring innovation and excitement back to the PC industry: the launch of our Ryzen PRO desktop CPUs that will bring disruptive levels of performance to the premium commercial market,” said Jim Anderson, senior vice president and general manager, Computing and Graphics Group, AMD. “Offering a significant leap in generational performance, leadership multi-threaded performance, and the first-ever 8-core, 16-thread CPU for commercial-grade PCs, Ryzen PRO provides a portfolio of technology choices that meet the evolving needs of businesses today and tomorrow.”

Ryzen PRO Lineup

Delivering breakthrough responsiveness for the most demanding enterprise-class applications and multi-tasking workflows, the ‘Zen’ core in every Ryzen PRO processor provides up to 52 percent improvement in compute capability over the previous generation1, and the Ryzen 7 PRO 1700 offers up to 62 percent more multi-threaded performance than select competing solutions2.

Security

Targeted for enterprise and public sector implementations, Ryzen PRO processors offer state-of-the-art silicon-level security, providing hardware-based cryptographic and security technologies to help protect against an ever-growing number of threats. Security standards like secure boot, fTPM (firmware Trust Platform Module), AES, and Windows 10 Enterprise security features are fully supported across the entire Ryzen PRO processor family.

[adrotate group=”2″]

Dependability

Built upon exceptional AMD product dependability and sourced from wafers with the highest yields, Ryzen PRO processors provide commercial-grade quality and reliability to help ensure platform longevity for future-ready computing. Industry-leading, open-standard DASH manageability allows for CPU-agnostic administration and helps ensure businesses avoid getting locked into proprietary solutions.

Availability

The world’s largest suppliers of commercial client desktops are expected to provide Ryzen PRO-based PCs to businesses worldwide in the second half of 2017. Ryzen PRO mobile is scheduled for the first half of 2018.

 

Suggested Reading

Go Back To > First PageComputer Hardware + Systems | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!