What is the Microsoft Pluton security processor?
A quick look at Microsoft's new approach to CPUs that promises to revolutionise Windows security
Microsoft Pluton is the company's new type of secure processor that aims to revolutionise PC security by housing sensitive data inside the chip itself.
This approach is very different to existing processor architecture, which usually forces the CPU to interact with a separate trusted platform module (TPM), that houses sensitive data like critical system information and encryption keys. As cyber security threats have become more sophisticated, malicious actors have started to target the TPM, which has led to an explosion in the number of potential attack vectors.
Pluton has been specifically designed to address this weakness by essentially getting rid of this communication channel and instead hosting the sensitive information inside the chip. Microsoft says this makes it impossible to take information like encryption keys from the hardware, no matter what kind of attack is launched on the infrastructure.
Thanks to a collaboration between Microsoft, Intel, Qualcomm, and AMD, work on this new chip was first announced on 17 November 2020, and it builds on a previous version that powered the Xbox One games console.
How does Microsoft Pluton work?
It's safe to say that for most PCs today, the operating system's security is usually handled by the trusted platform module (TPM). This has been a feature of computing for over a decade and is an individual hardware component that stores encryption keys. In the present day, it’s used to support Windows security programmes like Hello and BitLocker.
This means that the CPU must communicate with the TPM, normally through what is known as a bus interface, so that the information can be shared. Despite this, it is worth noting that this unique communication channel exposes critical information to the outside world. This is something that is commonly targeted and exploited by hackers so that they can lift the sensitive data as it moves.
Pluton attempts to solve this by removing this communication channel altogether. Instead, the CPU emulates a TPM onboard the chip, complete with the same specs and APIs, and while still being able to support the same security features that Windows users have come to know. Data such as encryption keys, user biometric data, and account credentials can all be stored directly on the Pluton processor, which are effectively isolated.
Secure Hardware Cryptography Key (SHACK) technology is also used to encrypt the data it holds, adding an additional layer of security.
Hackers would be unable to extract this data as a result, even if they have malware installed or physical access to the machine, according to Microsoft.
When will Pluton processors be released?
Microsoft Pluton has been around since 2013, when it was included in Xbox One gaming consoles with the aim of preventing threat actors from hacking the device, as well as making it more difficult for users to to run pirated games. Microsoft Pluton was then also extended to Microsoft’s cloud service Azure Sphere, with plans to include it in Windows devices. This would be made possible thanks to Microsoft’s partnerships with Intel, AMD, and Qualcomm, which were all set to integrate Pluton in their offerings.
Hybrid cloud: A smart choice for AI and HPC
Drive business benefits while solving top challengesFree Download
At CES 2022, Microsoft announced that Lenovo and AMD would launch the first two laptops to be natively equipped with the security processor. The ThinkPad Z13 and Z16, priced at $1,549 and $2,099, respectively, were unveiled during the Las Vegas event in January, with a shipping date set for May 2022. Lenovo revealed that its devices powered by Qualcomm’s Snapdragon 8cx Gen3 chip will also come equipped with Pluton, yet Intel’s plans to include the security processor have reportedly been put on hold. Contrary to expectations, the Pat Gelsinger-led chip giant didn’t implement Pluton in its 12th-Gen Core Alder Lake processors.
However, one tech giant which will definitely not include Microsoft Pluton in its devices is Dell, which confirmed in March 2022 that the security processor “does not align with Dell's approach to hardware security and our most secure commercial PC requirements”.
"As with all new technologies, we will continue to evaluate Pluton to see how it compares against existing TPM implementations in the future," a Dell spokesperson told The Register.
Activation playbook: Deliver data that powers impactful, game-changing campaigns
Bringing together data and technology to drive better business outcomesFree Download
In unpredictable times, a data strategy is key
Data processes are crucial to guide decisions and drive business growthFree Download
Achieving resiliency with Everything-as-a-Service (XAAS)
Transforming the enterprise IT landscapeFree Download
What is contextual analytics?
Creating more customer value in HR software applicationsFree Download