Secured-core PCs, such as Portege / Tecra X30-F, X30-G, X30W-J, X40-F, X40-G, X40-J, X40-F, X50-F and X50-G, meet a specific set of device requirements that apply the security best practices of isolation and minimal trust to the firmware layer, or the device core, that underpins the Windows operating system.
Secured-Core PC infographic by Microsoft
These devices are designed specifically for industries like financial services, government and healthcare, and for workers that handle highly-sensitive IP, customer or personal data. Compatible Secured-core PCs combine identity, virtualization, operating system, hardware and firmware protection to add another layer of security underneath the operating system. Unlike software-only security solutions, Secured-core PCs are designed to prevent these kinds of attacks rather than simply detecting them.
Overall, these requirements enable customers to boot securely, protect the device from firmware vulnerabilities, shield the operating system from attacks, prevent unauthorized access to devices and data, and ensure that identity and domain credentials are protected.
Classified Secured-Core PC's, exceed the requirements for enhanced hardware security, which necessarily include disabling and removal of native Thunderbolt security settings. Usually Thunderbolt security settings are configurable by the user, for example via BIOS Setup utility.
Since usual Preboot eXecution Environment (PXE) requires changing native Thunderbolt security settings, users might run into troubles trying to boot into PXE using common options and parameters, provoked by the missing Thunderbolt security settings or missing DMAr (DMA remapping) support of the Ethernet adapter.
No LAN connectivity issues can appear when using:
Since implemenation of native Thunderbolt security settings within the BIOS Setup is removing the Secured-core PC classification, a Intel Ethernet Adapter which support DMAr (DMA remapping) support is required to resolve the issues.
For more information about the necessary Intel Ethernet Adapter driver including DMA remapping support, pease see details in the section below.
Thunderbolt 3 Dock (PA5281E*) Intel Ethernet Adapter (i210) including DMAr (DMA remapping) support
Please visit our download page driver download page to obtain the Thunderbolt 3 Dock (PA5281E*) Intel LAN driver V220.127.116.11 (i210) or later, which support DMAr (DMA remapping).
Additional Technical Background
For more information about the technical background, please refer to the following documentation:
Thunderbolt Kernel DMA Protection Details
More information about Kernel DMA Protection for Thunderbolt:
Dynabook provides this information "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Dynabook shall not be responsible for the topicality, correctness, completeness or quality of the information or software provided. Dynabook is not liable for any damage caused by the use of any information or software provided, including information that is incomplete or incorrect. Any trademarks used herein belong to their respective owners.
Copyright Dynabook Europe GmbH. All rights reserved.