Microsoft's latest operating system, Windows 11, relies on an architecture in which the CPU has to communicate with a separate trusted platform module (TPM). This hardware module houses sensitive data such as encryption keys and critical system information. However, as cybersecurity threats become more advanced, TPM security is being tested to its limits.

To provide better security, Microsoft introduced a security platform called Microsoft Pluton that aims to revolutionize computer security by storing sensitive data in the chip itself. But what is Microsoft Pluton, and how does it work?

What Is the Microsoft Pluton Security Processor?

Initially created for Xbox and Azure Sphere, Microsoft Pluton is a revolutionary security processor designed by Microsoft in collaboration with chip developers Intel, AMD, and Qualcomm. Pluton was first announced for Windows in 2020. But it wasn't until CES 2022 that Microsoft unveiled more details about it and what it aims to bring to security.

According to the company, the processor aims to provide better system security and prompt system updates to new Windows computers. Microsoft also stated that this processor could be configured as the TPM or as a security processor used for non-TPM scenarios like platform resiliency, and that manufacturers have the option to turn it off.

How Does Microsoft Pluton Work?

The idea behind Microsoft Pluton comes from the existing processor architecture utilized in many modern computers—TPM. So before understanding how Microsoft Pluton works, you need to know how TPM works.

A trusted platform module is a cryptoprocessor that secures your computer through an integrated cryptographic key. Essentially, it is a security alarm that stops hackers and malware from accessing sensitive information in your system. This allows your Windows system to provide security features such as BitLocker disk encryption and better protection for the biometric data you use with Windows Hello.

This processor architecture was an excellent start for cybersecurity. However, white hat attacks have found vulnerabilities in the system. Their target: the communication lines between the CPU and the TPM hardware chip, which usually sits on the motherboard. TPM attacks are not easy to orchestrate and require significant technical skills and direct access to the device itself. So even though it's a difficult target, the vulnerability still exists.

Pluton solves this security vulnerability by bridging the gap between the TPM and CPU, removing any need for external communication that can be intercepted by malicious actors easily. Basically, Pluton and its TPM-like functionality are built into the processor itself. This makes it challenging to extract sensitive information even if the hackers can physically access the device.

So, from inside the processor, Pluton can emulate a TPM through Microsoft's existing application programming interfaces (APIs) and specifications. This is the most efficient way to integrate Pluton since many of the hooks it requires to function already exist.

In addition to replacing TPM, the Pluton processor can also work as a security processor for system resiliency scenarios that don't need TPM. At the same time, manufacturers who are planning to distribute Windows hardware can choose to ship computers with Pluton disabled, which isn't a surprise given the flexibility Windows offers. But this is something to be aware of if you want to purchase a Pluton-enabled computer.

In a nutshell, the Microsoft Pluton processor is an evolved version of the TPM integrated within the CPU. Pluton comes with the same features a TPM chip offers, such as BitLocker encryption and Windows Hello.

Benefits of Microsoft Pluton Security Processor

TPM attacks may be highly unlikely, but attackers are becoming more creative. This means that they won't stop exploiting any vulnerabilities they can see, intercepting any critical information they need to invade your system. While individual users are not prone to these attacks, it can still be terrifying, particularly if you work with confidential information.

So, if you're thinking of switching to this security module, here are some benefits of this security processor you should know about.

Physical Attack Prevention

Since Pluton is embedded in your processor, sensitive data such as user identities, personal data, encryption keys, and credentials are more securely protected. This means that attackers won't be able to access them even if they have installed malware or have physical access to your device.

The chip also utilizes a Secure Hardware Cryptography Key (SHACK) technology that allows it to isolate keys even from its own firmware—the low-level software that hardware needs to function.

Security Updates From the Cloud

Microsoft Pluton's firmware will receive updates through Windows Update, just like most of the components of your Windows computer. This means that users will receive updates directly from Microsoft and won't have to rely on its hardware manufacturing partners.

At the same time, new Pluton features will also be distributed to older devices, and any emerging threats can be mitigated through regular patches. Since it's integrated with Windows Update, Pluton is now part of Microsoft's "chip-to-cloud" security solution.

When Will Microsoft Pluton Processors Be Released?

In 2020, Qualcomm became the first manufacturer to announce Microsoft Pluton support. However, AMD's new laptop processors, the AMD Ryzen 6000-series, are the first Pluton-integrated CPUs available to the public.

According to AMD, users can expect more than 200 laptops to roll out in 2022 with Ryzen 6000 processors from leading manufacturers such as HP, Dell, and Asus. Other manufacturers have already released laptops using Ryzen 6000 processors, such as the 16-inch Lenovo Legion 5.

If you love desktops, don't worry. Pluton will also get there. Microsoft stated that Pluton CPUs would be available for desktops and other Windows devices in the future. AMD plans to release Ryzen 7000 CPUs in the second half of 2022. However, the company has declined to provide information on whether these desktop processors will have Pluton or not.

Secured and Protected Windows Experience

Microsoft Pluton promises enhanced security for your Windows system, making it difficult for malicious actors to access sensitive information on your system. While it isn't foolproof protection from hackers, it's a step forward to better cybersecurity. As long as it doesn't stop us from running the programs we want on our system, Pluton will always be a great addition to the Windows ecosystem.