{"id":468796,"date":"2022-06-29T15:00:52","date_gmt":"2022-06-29T12:00:52","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-a-secured-core-pc-for-windows-11\/"},"modified":"2022-06-29T15:00:52","modified_gmt":"2022-06-29T12:00:52","slug":"what-is-a-secured-core-pc-for-windows-11","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-a-secured-core-pc-for-windows-11\/","title":{"rendered":"#What Is a Secured-Core PC for Windows 11?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a41882f560b8\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a41882f560b8\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-a-secured-core-pc-for-windows-11\/#%E2%80%9CWhat_Is_a_Secured-Core_PC_for_Windows_11%E2%80%9D\" >&#8220;What Is a Secured-Core PC for Windows 11?&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-a-secured-core-pc-for-windows-11\/#Security_Baselines\" >Security Baselines<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-a-secured-core-pc-for-windows-11\/#So_What_Are_Secured-Core_PCs\" >So What Are Secured-Core PCs?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/what-is-a-secured-core-pc-for-windows-11\/#Getting_Down_to_Bare_Metal\" >Getting Down to Bare Metal<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CWhat_Is_a_Secured-Core_PC_for_Windows_11%E2%80%9D\"><\/span>&#8220;What Is a Secured-Core PC for Windows 11?&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-814339 size-full\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/Windows11-Secured-Core-1.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A silver Windows 11 laptop on a black background.\" width=\"1200\" height=\"675\" data-credittext=\"Microsoft\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\">Microsoft<\/span><\/figcaption><\/figure>\n<p>Home PCs can face very different threats from business machines, which is why Microsoft and its manufacturing partners developed the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/click.linksynergy.com\/deeplink?id=2QzUaswX1as&amp;mid=24542&amp;u1=htg\/812013&amp;murl=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fwindows%2Fbusiness%2Fwindows-11-secured-core-computers\">Secured-Core PC for enterprises<\/a>. However, some of their security features are included on all versions of Windows 11. Let\u2019s take a look at how a Secured-Core PC compares to your laptop at home.<\/p>\n<h2 id=\"security-baselines\"><span class=\"ez-toc-section\" id=\"Security_Baselines\"><\/span>Security Baselines<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Security on Windows 11 starts with the basics to stay secure, which Microsoft calls security baselines. These baselines can vary based on device types and industry-specific threats such as web security or confidential data protection.<\/p>\n<p>The term \u201csecurity baselines\u201d is specifically about Windows Pro machines, nevertheless there are some basics that most modern PCs, including Windows 11 Home devices, use to stay secure. One example is the Trusted Platform Module Version 2.0 (TPM 2.0), which Microsoft famously started requiring for Windows 11 machines. TPM is a hardware-level security feature that stores encryption keys in a secure manner for authenticating hardware and software, enabling BitLocker encryption if available, as well as protecting biometric identity and other data.<\/p>\n<p>The next key baseline feature is Secure Boot, which only allows signed (known) operating systems to run. This helps prevent rootkits and other nasty bits of malware that could infect the system. Windows Hello with biometric identity authentication is also considered an essential baseline.<\/p>\n<p>Finally, there\u2019s BitLocker drive encryption, which keeps your data safe when not in use. BitLocker is not available for Windows 11 Home PCs, but some support a lighter version called Windows Device Encryption.<\/p>\n<h2 id=\"so-what-are-secured-core-pcs\"><span class=\"ez-toc-section\" id=\"So_What_Are_Secured-Core_PCs\"><\/span>So What Are Secured-Core PCs?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Microsoft and its partners aim Secured-Core PCs at people who need a higher level of security because of the industry or profession they\u2019re in. Governments may want a Secured-Core PC for dealing with highly privileged information, for example, as would banks, or businesses with highly sought-after intellectual property, or engineers working on critical infrastructure.\u00a0These people can face advanced threats including targeted and physical attacks against their machines in order to pilfer important data or authentication data. Secured-Core focuses on a wide range of potential firmware attacks, which (when successful) can remain on a machine even after wiping the operating system or sw<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ing out components.<\/p>\n<figure style=\"width: 600px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-812025 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/secure-core-windows-11.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"A silver laptop running Windows 11 on a wooden desk.\" width=\"600\" height=\"500\" data-credittext=\"Microsoft\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"imagecredit\">Microsoft<\/span><\/figcaption><\/figure>\n<p>So what are the extra levels of security you get with Secured Core? One example is Memory Access Protection. This protects against Direct Memory Access (DMA) attacks when a malicious device connects to a PC via <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.lifesavvy.com\/reviews\/the-best-thunderbolt-cables\/\">Thunderbolt<\/a>, PCIe, or some other high-speed interface to get direct access to memory.<\/p>\n<p>From there it can run malware, try to obtain encryption keys, or gain control of the system. Microsoft showed an example of how this could be done and how Memory Access Protection mitigates these attacks during <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.youtube.com\/watch?v=Z00Qym4WATM&amp;t=1022s\">Microsoft Ignite in 2020<\/a>. For a DMA attack to work, typically the attacker must start with physical access to a vulnerable device. Clearly, most of us don\u2019t have to worry about a corporate spy sneaking into our hotel room in order to pwn our laptop. Corporations and governments, however, do.<\/p>\n<p>Another feature of Secured Core PCs is virtualization-based security (VBS), and Hypervisor Code Integrity the main attraction of which is Memory Integrity, an optional security feature in Windows 11 Home. On Secured-Core PCs this is enabled by default, and newer pre-built PCs and laptops with Windows 11 Home may have it activated as well. Older systems that upgraded to Windows 11, however, usually don\u2019t.<\/p>\n<p>To prevent malicious compromise of your system Memory Integrity runs key processes inside a virtual environment to isolate them from the system and reduce the chances of a malicious attack. To do this, however, it uses the PC\u2019s virtualization capabilities.<\/p>\n<p>This means you may run into trouble if you\u2019re running virtual machines via programs like VirtualBox, or if you\u2019re trying to overclock your system with something like Ryzen Master. More often than not, Memory Integrity will not play nice with these programs. If you run into issues you\u2019ll have to either boot into safe mode to turn Memory Integrity off, or even race to open Windows Security and turn the feature off before the Blue Screen of Death splashes across your monitor.<\/p>\n<p>Memory integrity also won\u2019t run if you have older hardware with outdated drivers. The good <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> is that if you do have a driver issue, Windows will alert you to the problem and won\u2019t allow you to activate Memory Integrity until the problem is resolved.<\/p>\n<p>If, after all those caveats, you\u2019d like to try turning on Memory Integrity on your upgraded Windows 11 Home PC, then open the Windows Security app by clicking Start &gt; All Apps &gt; Windows Security.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-812311\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/WindowsSecurityStart1.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"&quot;Windows Security&quot; in a list of apps in Windows 11\" width=\"574\" height=\"522\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>On the left-hand rail select Device Security, and then on the page that appears under Core Isolation select the link \u201cCore Isolation Details.\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-812312\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/DeviceSecuritySmall.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"The Windows Security app showing the Device Security menu option and the Core Isolation option \" width=\"650\" height=\"334\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Finally, under Memory Integrity flip the slider from Off to On.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-812314\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/CoreIsolation2.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"458\" height=\"524\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Windows 11 will then ask you to reboot your machine. After that, may the fates be with you.<\/p>\n<p>Two additional major features of Secured Core are System Guard and Dynamic Root of Trust Measurement (DRTM). These two features work together to ensure the system remains secure during boot and while running.<\/p>\n<p>System Guard is focused on protecting the integrity of the computer system during start-up and then ensures that the system is in a good state through remote and local methods of verification. This includes the ability for the IT department to remotely analyze the results of a system\u2019s boot process using data stored and protected on the device by the TPM 2.0.<\/p>\n<p>DRTM is a part of System Guard. It allows the system to start in an untrusted state (from the point of view of Windows) to overcome having to verify and whitelist every possible variant of a motherboard BIOS under the sun. Then shortly after the boot process starts, DRTM makes sure that all system CPUs go through a known and trusted path to get the system up and running.<\/p>\n<p>To read more of the technical details about System Guard and DRTM check out <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-defender-system-guard\/how-hardware-based-root-of-trust-helps-protect-windows\">Microsoft\u2019s online documentation<\/a>.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Getting_Down_to_Bare_Metal\"><\/span>Getting Down to Bare Metal<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Basically, a Secured-Core PC is about fighting against advanced threats that try to sneak in malware before the operating system loads. A critical feature for PCs that have critical data on them relating to, say, energy security or extremely valuable intellectual property.<\/p>\n<p>Some of these features, or similar ones, are available to Windows Home PCs, and if you buy a new PC, many of them will be activated by default. If you\u2019ve built your system or upgraded from Windows 10 they often won\u2019t be activated, but you can turn them on. Secure Boot is a no-brainer, but Memory Integrity should be treated with caution, especially on older machines.<\/p>\n<p>You can view <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/click.linksynergy.com\/deeplink?id=2QzUaswX1as&amp;mid=24542&amp;u1=htg\/812013&amp;murl=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fwindows%2Fbusiness%2Fdevices%3Fcol%3Dsecured-core-pcs\">a list of available Secured-Core PCs<\/a> on Microsoft\u2019s website.<\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/812013\/what-is-a-secured-core-pc\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;What Is a Secured-Core PC for Windows 11?&#8221; Microsoft Home PCs can face very different threats from business machines, which is why Microsoft and its manufacturing partners developed the Secured-Core PC for enterprises. However, some of their security features are included on all versions of Windows 11. Let\u2019s take a look at how a Secured-Core&#8230;<\/p>\n","protected":false},"author":1,"featured_media":468797,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/06\/Windows11-Secured-Core-1.png?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-468796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/468796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=468796"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/468796\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/468797"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=468796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=468796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=468796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}