Modern Security Capabilities
Relying on the advanced security capabilities built into modern CPUs, Dynabook’s Secured-core PC protects the integrity of Windows and its boot process from advanced attacks at the firmware level. Our Secured-Core PCs all use Dynamic Root of Trust Measurement (DRTM)* to launch the system into a trusted state by transferring control from the CPU directly to the Windows hypervisor loader via a secured and measured handoff.
Strong Code Integrity
Along with ensuring a small trusted computing base by establishing a hardware root of trust, a Secured-core PC ensures that code running within that trusted computing base runs with integrity and is not subject to outside exploit or attack. Secured-core PCs use policies enabled with Hypervisor Protected Code Integrity (HVCI)** to check system software before it is loaded, and only start executables that are signed by known, approved authorities. HVCI runs in the Virtualization-Based Security (VBS)***, which protects it from outside attack.
Mission-Critical Data Protection
As Secured-core PCs, Dynabook’s Portégé X30, Tecra X40 and Tecra X50, provide the highest level of protection against potential data loss by guarding against drive-by attacks that can lead to the disclosure of sensitive information or injection of malware. Secured-core PCs block external peripherals from starting and performing Kernel Direct Memory Access (DMA) only when the drivers for these peripherals support memory isolations. In addition, Dynabook Secured-core PCs use BitLocker Drive Encryption to help protect user data.
Identity Verification and Protection
Passwords alone often don’t sufficiently protect system data and identities. To ensure the data’s safety against theft, compromise and phishing attacks, Dynabook’s Secured-core PCs use Windows Hello to prevent user identity and credential-based attacks through a combination of biometric sensors and hardware-based credential storage.
Module (TPM) 2.0
|Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related
functions. A TPM chip is a secure crypto processor that helps you with actions such as generating, storing,
and limiting the use of cryptographic keys. Many TPMs include multiple physical security mechanisms to
make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM.
|Virtualization-Based Security, or VBS, uses hardware virtualization features to create and isolate a secure
region of memory from the normal operating system. Windows can use this "virtual secure mode" to host a
number of security solutions, providing them with greatly increased protection from vulnerabilities in the
operating system, and preventing the use of malicious exploits which attempt to defeat protections.
Code Integrity (HVCI)
|A Virtualization-Based Security (VBS) solution which uses VBS to significantly strengthen code integrity
policy enforcement. Kernel mode code integrity checks all kernel mode drivers and binaries before they're
started and prevents unsigned drivers or system files from being loaded into system memory.