Microsoft is partnering with AMD, Intel, and Qualcomm to create a new security processor for Windows-based PCs.
“This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners,” Microsoft’s David Weston announced. “Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack. This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.”
Pluton isn’t the first time that Microsoft partnered with microprocessor makers on a security chipset, of course: Back in the early 2000s when “Longhorn” was in early development, the firm championed the Trusted Platform Module (TPM) that is now a core component of all modern PCs. As Microsoft notes, TPM is the basis for security technologies like BitLocker and Windows Hello.
TPM is so successful, Microsoft says, that hackers are working around this chipset to find other ways to exploit PCs, including the bus interface that sits between a PC’s CPU and TPM chipsets. And that’s where Pluton comes in.
“The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU,” Weston says. “Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.”
Put another way, Pluton isn’t a physically isolated and separate component as we see elsewhere. Instead, it will be integrated directly into the PC’s microprocessor. Its firmware will be updated by Microsoft through Windows Update and will work “in the same way that the Azure Sphere Security Service connects to IoT devices.”
That Microsoft has the backing of all three PC microprocessor makers is, of course, key to the success of this platform. AMD, Intel, and Qualcomm all say that they will integrate Pluton into their future PC-based chipsets. The first Pluton-based PCs are expected in 2021.