Microsoft now thinks there is a solution to the problem. As part of a new partnership with computer manufacturers, the company has launched an initiative called Secured-core PC. With a Secured-core PC, Microsoft is rethinking how Windows connects to the firmware and how it handles booting a device.
With this new system, the processor firmware will still power on the system as always, but the system then limits how much the processor trusts its own firmware to determine the code path required to start the system. Instead, the processor will call Microsoft's bootloader for these instructions. The ultimate goal of the framework is to create a secure and reliable path that the processor can take every time it boots your computer. One of the main advantages of this system is that it focuses on preventing attacks rather than simply detecting them.
Since Windows 8, Windows has included a feature called Secure Boot, which verifies the authenticity of the bootloader to ensure it is safe to use. The problem with Secure Boot, and the reason Microsoft is switching to this new system, is that it depends on trusting the firmware to check every piece of software involved in booting. Because it works only if your firmware is secure, Secure Boot cannot protect your system when the firmware itself is attacked.
To deploy Secured-core PCs, Microsoft is working with all major chip makers, including Intel, AMD, and Qualcomm, to make processors that have secure encryption keys burned into the chips during the manufacturing process. Since the system depends on new hardware to protect your computer, you will not be able to download a software update to protect your existing computer from firmware attacks. However, your next Windows computer is likely to have the feature built in. One of the first Secured-core PCs is Microsoft's upcoming Surface Pro X, along with devices from Dell, Lenovo and Panasonic.