What is Microsoft’s Pluton Security Processor?
The first computers with Microsoft’s Pluton security processor will arrive in 2022 thanks to AMD’s Ryzen 6000 laptop CPUs. If you’ve never heard of the technology, Pluton promises enhanced hardware security by shielding sensitive data such as encryption keys in the CPU package.
The new security platform is an extension of work started in 2013 with Xbox consoles, as well as Azure Sphere for connected devices. Microsoft announced Pluton for PCs in late 2020, but it took until the 2022 crop of processors to bring Pluton to real devices.
In addition to AMD, Qualcomm also announced support for Pluton with its Snapdragon 8cx Gen 3 SoC. Intel is also affiliated with the Pluton effort. However, AMD and its computer manufacturing partners are the first to come out of the gate with real PCs rocking Pluton-compatible processors.
Microsoft isn’t the only company integrating specialized security into the CPU. Apple also capitalized on the trend in late 2020 by incorporating the company’s T2 security chip into its ARM-based M1 processors.
Pluton builds on ideas from the Trusted Platform Module (TPM) chip, the security measure that nearly stopped some people from upgrading their Windows 10 PCs to Windows 11. The TPM improves security by preventing attackers from tampering with low-level firmware, which could lead to an attack on data stored on the PC. It also enables security features, such as BitLocker disk encryption, and greater security for your biometric data used with Windows Hello.
The TPM was a good start for security and, according to Microsoft, forced attackers to get more creative. Bad guys went looking for weaknesses in the TPM system and targeted one specific weak spot: the communication lines between the TPM hardware chip (usually found on the motherboard) and the CPU.
Pluton addresses this weakness by removing the need for “external” communication between a TPM and the CPU. Instead, Pluton and its TPM-like functionality are built into the processor die itself. Microsoft says this makes it more difficult to extract sensitive information, even if the attackers are in physical possession of a device.
From the CPU package, Pluton can emulate a TPM using Microsoft’s existing specifications and Application Programming Interfaces (APIs). This is a more seamless way to integrate Pluton, as many of the hooks it needs to work already exist.
However, replacing the TPM is just one way the Pluton processor can be used. Microsoft says it can also be used as a security processor for system resilience in scenarios that don’t require TPM. Alternatively, manufacturers can choose to ship computers with Pluton disabled. This last option isn’t a surprise given the flexibility of the Windows ecosystem, and it’s something to look out for if you’re specifically looking for a Pluton-compatible computer.
What exactly does Pluton do?
With Pluton built into your processor, the system can better protect sensitive data such as encryption keys, credentials, and user identities. It makes it possible to isolate important information from the rest of the system with features such as Secure Hardware Cryptography Key (SHACK) technology. The idea of SHACK is that secure keys are never exposed outside of the protected hardware, not even to Pluton’s own firmware, the low-level software that a component needs to function.
Microsoft also says that Pluton’s firmware will be updated through Windows Update, just like many other components on your PC. This means that new features leveraging Pluton can be rolled out to older devices and any emerging threats can be mitigated through regular security updates. This integration with the Windows Update system makes Pluton part of what Microsoft calls a “chip-to-cloud” security solution.
Where will Pluton appear first?
While Qualcomm was the first to announce a chip with Pluton support, AMD’s new laptop processors will be the earliest examples to hit store shelves. AMD says it expects to roll out more than 200 laptops with Ryzen 6000 processors from major computer manufacturers by 2022, including Asus, Dell and HP. Other computer makers, such as Lenovo, also introduced laptops with Ryzen 6000 processors at CES 2022, such as the 16-inch Lenovo Legion 5.
As for desktops, Microsoft says Pluton will get there. “Pluton CPUs will be available for desktops, 2-in-1s and other Windows 11 personal computing form factors in the near future,” a company spokesperson said.
AMD plans to introduce Ryzen 7000 CPUs in the second half of 2022, but the company declined to comment on future plans when asked if these desktop processors would have Pluton.
A safer computing experience
Microsoft’s Pluton isn’t the most exciting addition to Windows PCs, but it does promise enhanced security, and the platform should make it harder for hackers to extract sensitive data from your PC. Don’t count on it being watertight, but it’s another step towards greater safety. As long as these measures don’t stop us from using software we really want to use, Pluton is a welcome development.