Two of the biggest laptop vendors have chosen to pass over Microsoft’s blossoming vision for PC chip security, Pluton. But the reason may be less complex than it appears: Both companies are apparently sticking with an established relationship with Intel’s vPro technology instead.
The Register reported this week that both Dell and Lenovo planned to skip Microsoft’s Pluton technology in their commercial PCs. Microsoft introduced Pluton two years ago as a better way of integrating security directly into the CPU. The technology originally received somewhat tepid endorsements from both Qualcomm and Intel, and a more enthusiastic response from AMD, which had helped develop the technology to secure the Xbox game console.
Now, Dell told El Reg that “Pluton does not align with Dell’s approach to hardware security and our most secure commercial PC requirements” and that it won’t include the Pluton technology in most of its commercial PCs. Lenovo, too, said that it would ship Intel ThinkPads without Pluton, and that laptops with AMD Ryzen (and Pluton-enabled) chips inside them would ship with Pluton turned off by default.
That sounds alarming, but the reality of the situation might be simpler: The majority of the world’s commercial laptops ship with Intel’s Core chips inside, specifically with its vPro security enabled.
According to Bob O’Donnell, the president of Technalysis Research, Intel’s vPro technology can’t currently work with the Microsoft Pluton security core. “You can’t do both,” O’Donnell said. “My guess is at the end of the day, Lenovo and Dell have invested a fair amount of time, money and effort into supporting vPro. So, as a result [Pluton] becomes a bit of an unnecessary thing.”
What’s Microsoft Pluton, again?
Pluton is, and was, Microsoft’s ongoing effort to secure the PC. Microsoft announced Pluton in 2020, the year before the company began laying down the law on Windows 11’s security requirement: Windows 11 PCs need a Trusted Platform Module, or TPM, whether discrete or integrated. Most processors for commercial and consumer PCs alike integrate a TPM function inside the processor, even if it doesn’t always go so well. Pluton is Microsoft’s approach — a secondary logic block that integrates security functions into the processor as well. Its selling point is that Microsoft used it to help secure the Xbox, which hasn’t suffered from any notable high-profile hacks. More importantly, it’s secure enough to allow firmware updates via Microsoft’s standard Windows Update channels.
But to be fair, worrying about Pluton may be jumping the gun. AMD originally said that even if it implemented Pluton, which it has, it wouldn’t replace AMD’s own TPM implementation — just sit alongside it. And Intel said that it would partner with Microsoft to add the Pluton technology to future platforms, “in the next few years.” More significantly, Intel never acknowledged Pluton as a feature in its recent Alder Lake platforms, including those for its most recent vPro systems. Even with its sliver of PC sales, Qualcomm may turn out to be Pluton’s biggest backer, as the company said in December that it plans to enable Pluton inside of its upcoming Snapdragon 8cx Gen 3 processor.
So with minimal chip support, what can PC makers do?
Lenovo’s decision is the most interesting, since the Pluton technology was included within the Ryzen-powered Lenovo ThinkPad Z13 and Z16, which were announced at CES 2022. Leaving the technology turned off for the entirety of 2022, as The Register reported, would put the burden of securing those PCs on AMD. Lenovo representatives didn’t immediately respond to a request for comment.
So what does this mean for Pluton? For Microsoft, its customers’ lukewarm response to Pluton is a bit of an embarrassment. But it’s not like commercial PCs powered by either AMD or Intel will be unsecured going forward, which is really what matters.