One of the key tenets of having good security is reducing how attackable your system is. This is what we call an attack surface – a system needs as few attack surfaces as possible, and as small as possible, to minimize any potential unwarranted intrusion. Beyond that, any additional security to detect and protect is vital. Both hardware and software can be used for that layer of additional security, and it becomes particularly important when dealing with virtualization, especially when it comes to virtual and physical attacks. In order to create a more unified system, Microsoft’s Pluton Security Processor, which works with Windows, is coming to the three major hardware vendors that implement the OS: AMD, Intel, and Qualcomm. What makes this different is that this is a physical in-hardware implementation that will be built directly into the future processors from each of the three companies.

Pioneered in both Xbox consoles and Microsoft’s Azure Sphere ecosystem, the Pluton Security Processor enables full-stack chip-to-cloud security akin to a Trusted Platform Module (TPM). The TPM has been a backbone of server security over the last decade or more, providing a physical store for security keys and other metadata that verifies the integrity of a system. In the mobile space, a built-in TPM allows for other security verification, such as Windows Hello or BitLocker.

Over time, according to Microsoft, a physical TPM module in these systems has become a weak point in modern security design. Specifically, gaining physical access to the system makes the TPM useless, allowing for in-transit data hijacks or man-in-the-middle data pruning. Because a TPM is an optional addition to most server environments, that physical module-to-CPU data pathway becomes an important attack surface.
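A defender's check tied to the module-to-CPU pathway described above, added here as an example rather than anything from the article or from Microsoft: on a Windows host, a BitLocker volume protected by a TPM-only protector has its volume key released over that pathway at boot with no user secret involved, whereas a TPM+PIN or TPM+startup-key protector does not. The script assumes the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets and an elevated prompt.

```powershell
# Added example (not from the article): audit whether the system drive relies on a
# TPM-only BitLocker protector, the configuration exposed to the physical
# module-to-CPU bus risk the article describes. Run from an elevated prompt.
$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

# Protector types that require a user-held secret in addition to the TPM.
$tpmPlusSecret = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

$busExposed = ($types -contains 'Tpm') -and
              -not ($types | Where-Object { $tpmPlusSecret -contains $_ })

[pscustomobject]@{
    TpmPresent    = $tpm.TpmPresent
    TpmReady      = $tpm.TpmReady
    Manufacturer  = $tpm.ManufacturerIdTxt
    ProtectionOn  = $vol.ProtectionStatus
    KeyProtectors = ($types -join ', ')
    # True: the volume key is unsealed by the TPM alone at boot, so an attacker
    # with physical access to the TPM bus is the risk to mitigate (add a PIN).
    BusExposed    = $busExposed
}
```

A `BusExposed` value of `True` is the condition to remediate; adding a PIN protector keeps the TPM as the root of trust while withholding the key until the user supplies a secret.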

What the Pluton project from Microsoft and the agreement between AMD, Intel, and Qualcomm will do is build a TPM-equivalent directly into the silicon of every Windows-based PC of the future. The Pluton architecture will, initially, build an emulated TPM to work with existing specifications for access to the current suites of security protocols in place. Because Pluton will be in-silicon, it severely reduces the physical attack surface of any Pluton-enabled device.

The Pluton architecture also seems to allow for a superset of TPM features, perhaps to be enabled in the future. Microsoft highlights both its unique Secure Hardware Cryptography Key (SHACK) technology, under which security keys are never exposed outside of the hardware environment, and community engagement such as that done through Project Cerberus, part of the Open Compute Project, to enable root-of-trust and firmware authentication. We are told this is particularly important as it pertains to widespread patching issues.

All of the silicon vendors involved will have Pluton as the first layer of security – additional layers (such as AMD’s PSP) will go below this. Of the three vendors, AMD has already worked with Microsoft on Pluton for consoles, so it should not be a big step to see Pluton in AMD consumer and enterprise silicon sooner rather than later, along with AMD’s other technologies such as Secure Encrypted Virtualization. Intel stated that its long-term relationship with Microsoft should lead to a smooth Pluton integration; however, the company declined to comment on a potential timeline. Qualcomm is the odd one out in a sense, as its cycles are a little different, but the company is quoted as stating that on-die hardware root-of-trust security is an important component of the whole silicon.

A number of parallels are being drawn between Pluton and Apple’s T2 security chip, which was moved inside the recently announced M1 processor. 

27 Comments


  • Nexing - Tuesday, November 24, 2020 - link

    Agreed
    As a citizen of a developing country, I advocate the cited EU guidelines and sane working practices much more than those corporate, ultimately US-centered practices and controlling actions.
  • tuxRoller - Tuesday, November 24, 2020 - link

    Without Linux support this doesn't seem like it will get much traction outside of the desktop space.
    Honestly, it's kinda sad seeing Microsoft like this.
  • LiKenun - Tuesday, November 24, 2020 - link

    Nobody noticed the mistake?

    "coming to the three major hardware vendors that implement the OS: AMD, Intel, and Qualcomm"

    They don't implement the OS. Their hardware runs the OS.
  • Soulkeeper - Tuesday, November 24, 2020 - link

    Just what we need ... a backdoor built in our hardware. MS/government love making sure we are "safe" because they care ...
  • taisingera - Tuesday, November 24, 2020 - link

    Hopefully this will be able to be disabled in the BIOS in order to run Linux. We still don't really know the details, like, will you only be able to run Windows with these chips, or can you run future Windows on chips without Pluton. If no Linux, then we are stuck with the likes of Allwinner, Rockchip, and maybe Broadcom SoCs on SBCs, like RPi.
  • alternety - Friday, November 27, 2020 - link

    I am old. I used to build these things (anyone remember Godbout?). I no longer have any idea what is going on. I have become more and more unable to work with things like MS. Documentation from MS et al. is indecipherable and getting worse. The terminology denies any simple users (like me) from actually understanding what is going on. The information in places from MS et al. can not be found or understood.

    The computers we have purchased belong to us. But nowhere is that actually recognized by companies (think MS et al.), with their rejection of the existence of computer owners' personal equipment and denying access for control by the user for not-understandable changes. Not understandable or controllable. Sometimes daily reboots - purpose unknown. No printed detailed manual for years. Online information is indecipherable or completely unusable. Owners just get revolving attempts to find something they can understand.

    This behaviour MUST be stopped. Work with your appropriate representatives!
  • lmcd - Saturday, November 28, 2020 - link

    There are basically no Qualcomm SBCs as it is because of their extremely poor mainline support.
