What is the Microsoft Pluton security processor?
A quick look at Microsoft's new approach to CPUs that promises to revolutionise Windows security
Microsoft Pluton is the company's new type of secure processor that aims to revolutionise PC security by housing sensitive data inside the chip itself.
This approach is very different to existing processor architecture, which usually forces the CPU to interact with a separate trusted platform module (TPM), that houses sensitive data like critical system information and encryption keys. As cyber security threats have become more sophisticated, malicious actors have started to target the TPM, which has led to an explosion in the number of potential attack vectors.
Pluton has been specifically designed to address this weakness by essentially getting rid of this communication channel and instead hosting the sensitive information inside the chip. Microsoft says this makes it impossible to take information like encryption keys from the hardware, no matter what kind of attack is launched on the infrastructure.
Thanks to a collaboration between Microsoft, Intel, Qualcomm, and AMD, work on this new chip was first announced on 17 November 2020, and it builds on a previous version that powered the Xbox One games console.
How does Microsoft Pluton work?
It's safe to say that for most PCs today, the operating system's security is usually handled by the trusted platform module (TPM). This has been a feature of computing for over a decade and is an individual hardware component that stores encryption keys. In the present day, it’s used to support Windows security programmes like Hello and BitLocker.
This means that the CPU must communicate with the TPM, normally through what is known as a bus interface, so that the information can be shared. Despite this, it is worth noting that this unique communication channel exposes critical information to the outside world. This is something that is commonly targeted and exploited by hackers so that they can lift the sensitive data as it moves.
Pluton attempts to solve this by removing this communication channel altogether. Instead, the CPU emulates a TPM onboard the chip, complete with the same specs and APIs, and while still being able to support the same security features that Windows users have come to know. Data such as encryption keys, user biometric data, and account credentials can all be stored directly on the Pluton processor, which are effectively isolated.
Secure Hardware Cryptography Key (SHACK) technology is also used to encrypt the data it holds, adding an additional layer of security.
Hackers would be unable to extract this data as a result, even if they have malware installed or physical access to the machine, according to Microsoft.
When will Pluton processors be released?
The Pluton architecture is expected to feature in a future range of chips designed by AMD, Intel, and Qualcomm. No release date has been given.