Having spotted an established trend where hackers and malware writers specifically target firmware for avenues of exploitation, Microsoft has announced Secured-core PCs. Firmware exploits have become a big thing for hackers for two reasons: firmware is a relatively new route, and thus has had less security hardening (only squeaky wheels get oil), and a firmware compromise can put power and persistence into nefarious hands.
In a blog post about the new Secured-core PCs, Microsoft says that malware delivered via firmware attack can be "hard to detect and difficult to remove [and] it could persist even across common cleanup procedures like an OS re-install or a hard drive replacement". Furthermore, firmware attacks can undermine security mechanisms like Secure Boot and other mitigations taken by the hypervisor or operating system.
Due to the above, Microsoft has been working closely with the likes of AMD, Intel, and Qualcomm so it can implement deeper protections backed up by Dynamic Root of Trust for Measurement (DRTM) capabilities that are built into the latest silicon from these major vendors.
Microsoft explains that AMD, Intel, and Qualcomm processors "enable the system to leverage firmware to start the hardware and then shortly after re-initialize the system into a trusted state by using the OS boot loader and processor capabilities to send the system down a well-known and verifiable code path." Additionally, Secured-core PCs will leverage Trusted Platform Module 2.0 (TPM) as one of their requirements, as this can give an additional layer of protection from firmware compromise and give admins confidence that endpoints are safe.
If you are interested in buying a Secured-core PC, current offerings are aimed at businesses in highly targeted industries, as well as organisations like government, financial services, and healthcare. All the examples listed on the new Microsoft Secured-Core PC webpage are 'business laptops' - but there is plenty of choice, from makers like Lenovo, Dell, Panasonic, Dynabook, HP, and the Surface Pro X for Business.