What Is Microsoft’s Pluton Security Processor?



The first computers packing Microsoft’s Pluton security processor arrive in 2022 thanks to AMD’s Ryzen 6000 laptop CPUs. If you haven’t heard of the technology, Pluton promises improved hardware security by walling off sensitive data like encryption keys inside the CPU package.

The new security platform is an extension of work that started with Xbox consoles in 2013, as well as Azure Sphere for connected devices. Microsoft announced Pluton for PCs in late 2020, but it took until the 2022 crop of processors to bring Pluton to actual devices.

In addition to AMD, Qualcomm also announced support for Pluton with its Snapdragon 8cx Gen 3 SoC. Intel is also signed on to the Pluton effort. AMD and its computer manufacturing partners, however, are the first out of the gate with actual PCs rocking Pluton-enabled processors.

Microsoft isn’t the only company integrating specialized security into the CPU. Apple also took up the trend in late 2020 by building the company’s T2 security chip into its ARM-based M1 processors.

Why Pluton?


Pluton builds on ideas from the Trusted Platform Module (TPM) chip, the security measure that almost stopped some people from upgrading their Windows 10 PCs to Windows 11. The TPM improves security by preventing attackers from tampering with low-level firmware that could lead to an attack on data stored on the PC. It also enables security features such as BitLocker disk encryption, and better security for your biometric data used with Windows Hello.

The TPM was a good start for security, and according to Microsoft, it forced attackers to get more creative. Baddies started looking for weaknesses in the TPM system and they focused on one particular soft spot: the communication lines between the TPM hardware chip (typically found on the motherboard) and the CPU.

Pluton solves this weakness by removing the need for “outside” communication between a TPM and the CPU. Instead, Pluton, with its TPM-like functionality, is one more component built onto the die of the processor itself. Microsoft says this makes it harder to extract sensitive information even if the attackers have physical possession of a device.

From within the CPU package, Pluton can emulate a TPM using Microsoft’s existing specifications and application programming interfaces (APIs). This is a more seamless way to integrate Pluton since many of the hooks it needs to work already exist.

Replacing the TPM is just one way that the Pluton processor can be used, however. Microsoft says it can also be used as a security processor for system resiliency in scenarios that don’t require a TPM. Alternatively, manufacturers can choose to ship computers with Pluton turned off. This latter option is not a surprise given the flexibility of the Windows ecosystem, and it’s something to be aware of if you’re specifically looking for a Pluton-enabled computer.

What Exactly Does Pluton Do?

With Pluton built into your processor, the system can better guard sensitive data such as encryption keys, credentials, and user identities. It enables important information to be isolated from the rest of the system with features such as Secure Hardware Cryptography Key (SHACK) technology. The idea with SHACK is that secure keys are never exposed outside of the protected hardware, not even to Pluton’s own firmware (the low-level software that a component needs to function).

Microsoft also says Pluton’s firmware will be updated via Windows Update just like many other components on your PC. This means new features that leverage Pluton can roll out to older devices, and any emerging threats can be mitigated via regular security updates. This integration with the Windows Update system makes Pluton part of what Microsoft calls a “chip-to-cloud” security solution.

Where Will Pluton Appear First?


While Qualcomm was the first to announce a chip with support for Pluton, AMD’s new laptop processors will be the earliest examples to hit store shelves. AMD says it expects to see more than 200 laptops roll out in 2022 packing Ryzen 6000 processors from major computer makers including Asus, Dell, and HP. Other computer manufacturers, such as Lenovo, also introduced laptops with Ryzen 6000 processors during CES 2022, including the 16-inch Lenovo Legion 5.

As for desktops, Microsoft says Pluton will get there. “Pluton CPUs will be available for desktops, 2-in-1s and other Windows 11 personal computing form factors in the near future,” a company spokesperson told us.

AMD plans to introduce Ryzen 7000 CPUs in the second half of 2022, but the company declined to comment on future plans when asked whether these desktop processors would have Pluton.

A More Secure Computing Experience

Microsoft’s Pluton isn’t the most exciting addition to Windows PCs, but it does promise enhanced security, and the platform should make it harder for hackers to extract sensitive data from your PC. Don’t count on it being foolproof, but it’s another step towards greater security. As long as these measures don’t prevent us from running software we actually want to use, Pluton is a welcome development.
