Microsoft Announces Pluton Security Processor

Microsoft is partnering with AMD, Intel, and Qualcomm to create a new security processor for Windows-based PCs.

“This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners,” Microsoft’s David Weston announced. “Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack. This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.”

Pluton isn’t the first time that Microsoft partnered with microprocessor makers on a security chipset, of course: Back in the early 2000s when “Longhorn” was in early development, the firm championed the Trusted Platform Module (TPM) that is now a core component of all modern PCs. As Microsoft notes, TPM is the basis for security technologies like BitLocker and Windows Hello.

TPM is so successful, Microsoft says, that hackers are working around this chipset to find other ways to exploit PCs, including the bus interface that sits between a PC’s CPU and TPM chipsets. And that’s where Pluton comes in.

“The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU,” Weston says. “Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.”

Put another way, Pluton isn’t a physically isolated and separate component as we see elsewhere. Instead, it will be integrated directly into the PC’s microprocessor. Its firmware will be updated by Microsoft through Windows Update and will work “in the same way that the Azure Sphere Security Service connects to IoT devices.”

That Microsoft has the backing of all three PC microprocessor makers is, of course, key to the success of this platform. AMD, Intel, and Qualcomm all say that they will integrate Pluton into their future PC-based chipsets. The first Pluton-based PCs are expected in 2021.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 11 comments

  • glenn8878

    17 November, 2020 - 10:25 am

    <p>How does this solve other security issues in the CPU itself like <span style="color: rgb(32, 33, 36);">Meltdown and Spectre unless they will be solved at the same time.</span></p>

    • zhackwyatt

      Premium Member
      17 November, 2020 - 11:46 am

      <blockquote><em><a href="#593582">In reply to glenn8878:</a></em></blockquote><p>It doesn't. Two different things.</p>

  • proftheory

    Premium Member
    17 November, 2020 - 12:45 pm

    <p>How will this affect Linux dual booting if at all?</p>

  • waethorn

    17 November, 2020 - 1:51 pm

    <p>This might be good if they're going to get rid of Intel ME and AMD PSP, but it could be equally just as bad if a security hole is found and it affects all Windows PC's.</p>

  • brettscoast

    Premium Member
    17 November, 2020 - 4:00 pm

    <p>Interesting development good post Paul.</p>

  • nbplopes

    18 November, 2020 - 5:43 am

    <p>I think this is a good move. An Apple T2 like security chip for Windows machines.</p>

    • Paul Thurrott

      Premium Member
      18 November, 2020 - 8:15 am

      That’s not what this is. The T2 works like TPM does, it’s separate from the CPU.

  • dbonds

    Premium Member
    18 November, 2020 - 9:33 am

    <p>With the recent development of the M1 processor from Apple, there has been talk that there will need to be better cooperation among the various hardware manufacturers in the "PC space" to compete with Apples new offerings going forward. </p><p><br></p><p>Wonder if this is the one of the first examples of that type of cooperation between Intel/AMD/Qualcomm/MSFT to have a common hardware/software offering that "ups the playing field" for PCs? Can anyone think of a previous hardware based "feature" like this common across the x64 and ARM architectures in the Windows space?</p>

  • Alastair Cooper

    18 November, 2020 - 3:18 pm

    <p>I don't really want an OS-specific bit embedded in my CPU. If they want to make the specifications and interface generally available so that other OSs can implement support as well then I'd be happier. I also want specific reassurance they aren't going to make it harder to boot non-Windows operating systems.</p>

  • chrisrut

    Premium Member
    21 November, 2020 - 9:36 am

    <p>Great news. Perhaps someday there will be an "AI" function likewise built-in, so we can be rid of the scourge of passwords once and for all. I've long believed the computer can (should) get to "know you" and recognize you from a complex set of factors – many(all?)-factored rather than multi-factored authentication, as we do with people we "know." I expected it by now – over-optimistic starry-eyed visionary that I am. Perhaps the Pluton will work with MS's cloud-based AI… Just mindstorming. It's early here…</p>

    • bluvg

      04 January, 2022 - 6:56 pm

      <p>So early, you posted it "1 year ago" :P</p><p><br></p><p>Azure Conditional Access (among others) provides some of what you’re talking about already–multiple factors considered for access. FIDO is probably the closest thing we have to a passwordless standard, but 100% coverage for passwordless auth is probably unrealistic.</p>


Stay up to date with the latest tech news from!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 BWW Media Group