Microsoft is creating a new security chip designed to protect future Windows computers. Microsoft Pluton is a security processor that is built directly into future processors and will replace the existing Trusted Platform Module (TPM), a chip currently used to secure hardware and cryptographic keys. Pluton is based on the same security technologies used to protect Xbox consoles, and Microsoft is working with Intel, AMD and Qualcomm to integrate it into future processors.
This new chip is designed to block new and emerging attack vectors that are used to compromise personal computers, including processor security flaws such as Spectre and Meltdown. In 201
Existing TPMs are separate from the processor, and attackers are developing methods to steal the data that flows between the TPM and the CPU when they have physical access to a device. Just as you can’t easily break into an Xbox One to run pirated games, the hope is that integrating Pluton into the CPU will make it much harder to physically break into a Windows computer in the future.
“We sent an Xbox that has this physical protection against attacks, so people can’t just hack it for games, etc.,” said David Weston, director of corporate and operational security at Microsoft. “From this, we learned the principles of effective engineering strategies, so we take this knowledge and partner with Intel to build something for the computer that will counter this emerging vector of attack.”
Many companies sell kits or 0-day vulnerabilities that allow attackers to gain access to machines and literally hack open computers to steal important data that could unlock other ways to log in to company systems or access personal information. “Our dream for the future is that this is simply not possible on the PC platform,” says Weston.
Pluton is essentially the evolution of the TPM, baked directly into the CPU. “It’s a better, stronger, faster and more consistent TPM,” explains Weston. “We offer the same API as TPM today, so the idea is that anything that can use TPM can use that.” This means that features like BitLocker encryption or Windows Hello authentication will switch to using Pluton in the future.
Microsoft’s work with Intel, AMD and Qualcomm also means that Pluton will be updated from the cloud. Updates will be released monthly on the same Patch Tuesday when regular Windows updates arrive. The hope is that this should improve system firmware updates for both users and businesses running Windows computers.
It is unclear when computers with Pluton chips will begin shipping, but Intel, AMD and Qualcomm are committed to incorporating this functionality into their future processors. You will still be able to build custom PCs with built-in Pluton chips, and there should even be support for Linux in the future.
“This is the future we’re going to build,” said Mike Nordquist, director of strategic planning and architecture at Intel. “The idea is that you don’t have to look for a motherboard with a TPM chip … so just get one.” Nordquist says Intel also supports operating system choices and “doesn’t want to start doing different things for a bunch of different operating system vendors.” There are no hard details on Linux support yet, but Microsoft already uses Linux with Pluton in its Azure Sphere devices, so it will probably be available whenever those chips ship.
New chips and security mean new fears about DRM and the fact that processors will now call Microsoft’s cloud infrastructure for updates. “It’s about security, not DRM,” Weston said. “The reality is that we’re going to create an API where people can use it, it’s definitely possible for people to use it to protect content, but it’s really about basic security and protecting identification and encryption keys.”
Microsoft, Intel, AMD, and Qualcomm clearly believe that processors that are constantly updated with built-in security are the future of Windows computers. Spectre and Meltdown have been a wake-up call for the entire industry, and Pluton is an important response to the complex security threats now facing modern computers.