Dynabook Americas, Inc., Inc. (formerly Toshiba America Client Solutions, Inc.), is partnering with Microsoft to build more secure Windows devices.
The new class of Windows 10 Secured-core PCs are designed with deep integration between hardware and software, and feature Intel CPUs to ensure resistance to current and future cyber-threats.
Dynabook’s Portégé X30, Tecra X40 and Tecra X50 , are among the industry’s first laptops to offer this next-level hardware, software and identity protection.
Secured-core PCs are intended to handle mission-critical data and protect workers in some of the most data-sensitive industries, such as healthcare providers handling medical records.
The Portégé X30, Tecra X40 and Tecra X50 incorporate hardware-based security components like Trusted Platform Module 2.0 (TPM) and modern CPUs along with virtualization-based security (VBS) and Windows Dynamic hypervisor code integrity (HVCI) service. These measures create a hardware-isolated environment that effectively isolates memory and critical components to prevent attacks and unauthorized access to critical parts of the operating system.
Dynabook’s Secured-core PCs protect the integrity of Windows and its boot process from attacks at the firmware level. The Portégé X30, Tecra X40 and Tecra X50 use dynamic root of trust measurement (DRTM) to launch the system into a trusted state by transferring control from the CPU directly to the Windows hypervisor loader via a secured and measured handoff. With the Windows hypervisor securely launched in a state measured by hardware, the VBS environment is then created in memory to isolate critical keys and processes from the regular Windows operation system that will soon be started.
To ensure the data’s safety against theft, compromise and phishing attacks, Dynabook’s Secured-core PCs use Windows Hello to prevent user identity and credential-based attacks through a combination of biometric sensors and hardware-based credential storage. This includes face, fingerprint, secure FIDO2 key, or PIN authentication, while Credential Guard leverages virtualisation-based security (VBS) to block the tools used in such attacks and ensure malware running in the operating system cannot extract authentication tokens.
Secured-core PCs block external peripherals from starting and performing Kernel Direct Memory Access (DMA) unless the drivers for these peripherals support memory isolations. Peripherals with compatible drivers will be automatically recognized, started, and allowed to perform DMA to their assigned memory regions. By default, peripherals with incompatible drivers will be blocked from starting and performing DMA until an authorized user signs into the system or unlocks the screen.
In addition, Dynabook laptops use BitLocker Drive Encryption to help protect user data and ensure that a computer has not been tampered with while the system was offline. These additional security measures provide multifactor authentication and assurance that the PC will not start or resume from hibernation until the correct PIN or startup key is presented.