Microsoft Announces Pluton Security Processor

Posted on November 17, 2020 by Paul Thurrott in Hardware, Microsoft, Windows 10 with 10 Comments

Microsoft is partnering with AMD, Intel, and Qualcomm to create a new security processor for Windows-based PCs.

“This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners,” Microsoft’s David Weston announced. “Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack. This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.”

Pluton isn’t the first time that Microsoft has partnered with microprocessor makers on a security chipset, of course: back in the early 2000s, when “Longhorn” was in early development, the firm championed the Trusted Platform Module (TPM) that is now a core component of all modern PCs. As Microsoft notes, the TPM is the basis for security technologies like BitLocker and Windows Hello.

The TPM is so successful, Microsoft says, that hackers are working around the chip itself to find other ways to exploit PCs, including attacking the bus interface that sits between a PC’s CPU and its TPM chip. And that’s where Pluton comes in.

“The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU,” Weston says. “Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.”

Put another way, Pluton isn’t a physically separate component like a discrete TPM chip. Instead, it is integrated directly into the PC’s microprocessor, so there is no external bus between the CPU and the security processor for an attacker to tap. Its firmware will be updated by Microsoft through Windows Update and will work “in the same way that the Azure Sphere Security Service connects to IoT devices.”

That Microsoft has the backing of all three PC microprocessor makers is, of course, key to the success of this platform. AMD, Intel, and Qualcomm all say that they will integrate Pluton into their future PC-based chipsets. The first Pluton-based PCs are expected in 2021.

11 responses to “Microsoft Announces Pluton Security Processor”

  1. glenn8878

    How does this solve other security issues in the CPU itself like Meltdown and Spectre, unless they will be solved at the same time?

  2. proftheory

    How will this affect Linux dual booting if at all?

  3. waethorn

    This might be good if they're going to get rid of Intel ME and AMD PSP, but it could be equally just as bad if a security hole is found and it affects all Windows PCs.

  4. brettscoast

    Interesting development, good post Paul.

  5. nbplopes

    I think this is a good move. An Apple T2 like security chip for Windows machines.

  6. dbonds

    With the recent development of the M1 processor from Apple, there has been talk that there will need to be better cooperation among the various hardware manufacturers in the "PC space" to compete with Apple's new offerings going forward.

    Wonder if this is one of the first examples of that type of cooperation between Intel/AMD/Qualcomm/MSFT to have a common hardware/software offering that "ups the playing field" for PCs? Can anyone think of a previous hardware-based "feature" like this common across the x64 and ARM architectures in the Windows space?

  7. Alastair Cooper

    I don't really want an OS-specific bit embedded in my CPU. If they want to make the specifications and interface generally available so that other OSs can implement support as well then I'd be happier. I also want specific reassurance they aren't going to make it harder to boot non-Windows operating systems.

  8. chrisrut

    Great news. Perhaps someday there will be an "AI" function likewise built-in, so we can be rid of the scourge of passwords once and for all. I've long believed the computer can (should) get to "know you" and recognize you from a complex set of factors - many(all?)-factored rather than multi-factored authentication, as we do with people we "know." I expected it by now - over-optimistic starry-eyed visionary that I am. Perhaps the Pluton will work with MS's cloud-based AI... Just mindstorming. It's early here...

    • bluvg

      So early, you posted it "1 year ago" :P

      Azure Conditional Access (among others) provides some of what you're talking about already, with multiple factors considered for access. FIDO is probably the closest thing we have to a passwordless standard, but 100% coverage for passwordless auth is probably unrealistic.