
What is the Microsoft Pluton security processor?

A quick look at Microsoft's new approach to CPUs that promises to revolutionise Windows security


Microsoft Pluton is the company's new type of secure processor that aims to revolutionise PC security by housing sensitive data inside the chip itself.

This approach is very different to existing processor architecture, which usually forces the CPU to interact with a separate trusted platform module (TPM) that houses sensitive data like critical system information and encryption keys. As cyber security threats have become more sophisticated, malicious actors have started to target the TPM, which has led to an explosion in the number of potential attack vectors.

Pluton has been specifically designed to address this weakness by essentially getting rid of this communication channel and instead hosting the sensitive information inside the chip. Microsoft says this makes it impossible to take information like encryption keys from the hardware, no matter what kind of attack is launched on the infrastructure.

Thanks to a collaboration between Microsoft, Intel, Qualcomm, and AMD, work on this new chip was first announced on 17 November 2020, and it builds on a previous version that powered the Xbox One games console.

How does Microsoft Pluton work?

It's safe to say that for most PCs today, the operating system's security is usually handled by the trusted platform module (TPM). This has been a feature of computing for over a decade and is an individual hardware component that stores encryption keys. In the present day, it’s used to support Windows security programmes like Hello and BitLocker.

This means that the CPU must communicate with the TPM, normally through what is known as a bus interface, so that the information can be shared. However, this communication channel exposes critical information to the outside world. It is commonly targeted and exploited by hackers so that they can lift the sensitive data as it moves.

Pluton attempts to solve this by removing this communication channel altogether. Instead, the CPU emulates a TPM onboard the chip, complete with the same specs and APIs, while still being able to support the same security features that Windows users have come to know. Data such as encryption keys, user biometric data, and account credentials can all be stored directly on the Pluton processor, where they are effectively isolated.

Secure Hardware Cryptography Key (SHACK) technology is also used to encrypt the data it holds, adding an additional layer of security.

Hackers would be unable to extract this data as a result, even if they have malware installed or physical access to the machine, according to Microsoft.

When will Pluton processors be released?

Microsoft Pluton has been around since 2013, when it was included in Xbox One gaming consoles with the aim of preventing threat actors from hacking the device, as well as making it more difficult for users to run pirated games. Microsoft Pluton was then also extended to Microsoft’s cloud service Azure Sphere, with plans to include it in Windows devices. This would be made possible thanks to Microsoft’s partnerships with Intel, AMD, and Qualcomm, which were all set to integrate Pluton in their offerings.


At CES 2022, Microsoft announced that Lenovo and AMD would launch the first two laptops to be natively equipped with the security processor. The ThinkPad Z13 and Z16, priced at $1,549 and $2,099, respectively, were unveiled during the Las Vegas event in January, with a shipping date set for May 2022. Lenovo revealed that its devices powered by Qualcomm’s Snapdragon 8cx Gen3 chip will also come equipped with Pluton, yet Intel’s plans to include the security processor have reportedly been put on hold. Contrary to expectations, the Pat Gelsinger-led chip giant didn’t implement Pluton in its 12th-Gen Core Alder Lake processors.

However, one tech giant which will definitely not include Microsoft Pluton in its devices is Dell, which confirmed in March 2022 that the security processor “does not align with Dell's approach to hardware security and our most secure commercial PC requirements”.

"As with all new technologies, we will continue to evaluate Pluton to see how it compares against existing TPM implementations in the future," a Dell spokesperson told The Register.
