Here's the Microsoft URL:
<a href="https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers" rel="nofollow">https://www.microsoft.com/en-us/windowsforbusiness/windows10...</a><p>One part of this is <i>System Guard Secure Launch</i> which is documented at <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection" rel="nofollow">https://docs.microsoft.com/en-us/windows/security/threat-pro...</a><p>Unsurprisingly, TPM 2.0 is also part of the package.<p>Here's a really interesting tidbit:
<i>"Additionally, Windows monitors and restricts the functionality of potentially dangerous firmware through System Management Mode (SMM)."</i><p>Does this offer protection against malware that uses SMM as an attack vector? Or does this protection run as SMM?<p>In terms of features and protections, how does Secured-core compare to the state of the art in mobile devices and their locked bootloaders?<p>I wonder if Linux can take advantage of Secured-core (or parts thereof)?<p>So many questions...