Microsoft is building a new security chip designed to protect future Windows PCs. Microsoft Pluton is a security processor that is built directly into future CPUs and will replace the existing Trusted Platform Module (TPM), a chip currently used to secure hardware and cryptographic keys. Pluton is based on the same security technologies used to protect Xbox consoles, and Microsoft is working with Intel, AMD and Qualcomm to integrate it into future CPUs.
This new chip is designed to block new and emerging attack vectors that are being used to compromise PCs, including CPU security flaws such as Spectre and Meltdown. Intel said back in 2018 that it was redesigning its processors to protect against future attacks, and Pluton is an even bigger step to secure CPUs and Windows PCs in general.
Existing TPMs are separate from CPUs, and attackers are also developing ways to steal the information that flows between TPMs and CPUs when they have physical access to a device. Just like you can’t easily hack into an Xbox One to run pirated games, the hope is that integrating Pluton into the CPU will make it very difficult to physically hack into Windows PCs in the future.
“We’ve shipped to Xbox that has this physical attack protection, so people can’t hack it for games, etc.,” explains David Weston, Director of Enterprise and OS Security at Microsoft. “We learned the principles of effective engineering strategies from that, and so we’re taking those learnings and partnering with Intel to build something for PCs that will stand for that emerging attack vector.”
Many companies sell kits, or 0-day vulnerabilities, that allow attackers to gain access to machines and crack open PCs to steal critical data that unlocks other ways to get into company systems or access personal information. “Our dream for the future is not possible on just the PC platform,” says Weston.
Pluton is basically an evolution of the TPM, baked directly into the CPU. “It’s a better, stronger, faster, more consistent TPM,” Weston explains. “We only provide APIs similar to TPM today, so the idea is that anything that uses TPM can use it.” This means that features such as BitLocker encryption or Windows Hello authentication will transition to using Pluton in the future.
Microsoft’s work with Intel, AMD and Qualcomm also means that Pluton will be updated from the cloud. Updates will be released monthly on the same Patch Tuesday as regular Windows fixes. The expectation is that this should improve system firmware updates for both consumers and businesses running Windows PCs.
It’s unclear when PCs with Pluton chips will start shipping, but Intel, AMD, and Qualcomm are all committed to building this functionality into their future CPUs. You’ll still be able to build custom PCs with Pluton chips embedded inside them, and there should be support for Linux in the future.
“It’s a future thing we’re going to build,” said Mike Nordquist, director of strategic planning and architecture at Intel. “The idea is that you don’t need to see a motherboard with a TPM chip … so you get it.” Nordquist adds that Intel also supports the option for operating systems, and it “doesn’t want to start doing different things to a swarm of different OS vendors.” There is no firm information on Linux support yet, but Microsoft already uses Linux with Pluton in its Azure Sphere devices, so it is likely to be available whenever these chips ship.
The new chips and security also mean new fears about DRM, and about the fact that processors will now call back to Microsoft’s cloud infrastructure for updates. “It’s about security, it’s not about DRM,” Weston explains. “The reality is that we’ll create an API where people can take advantage of it, it’s certainly possible for people to use it for the protection of content, but it’s really about mainstream security and security of identity and encryption keys.”
Microsoft, Intel, AMD and Qualcomm all clearly believe that processors that are constantly updated with security are the future for Windows PCs. Spectre and Meltdown were a wake-up call for the entire industry, and Pluton is an important response to the complex security threats that modern PCs now face.