Lenovo Will Not Enable Microsoft’s Pluton Processor by Default

Lenovo recently announced that it would be the first hardware maker to ship PCs with Microsoft’s Pluton security chipset. But now it says that it will not enable this functionality by default.

“Pluton will be disabled by default on 2022 Lenovo ThinkPad platforms,” a Lenovo spokesperson told The Register. “Specifically, the ThinkPad Z13, Z16, T14, T16, T14s, P16s, and X13 using AMD 6000-series processors. Customers will have the ability to enable Pluton themselves.”

You may not be surprised to discover that Pluton is triggering the same angst, in some circles, as Microsoft’s decision to require that PC makers include a Trusted Platform Module (TPM) 20 years ago. At that time, open-source advocates, in particular, complained that the real aim of this effort was to keep Linux off of PCs. Today, we’re hearing similar complaints.

“Linux is currently an unsupported scenario [for Pluton],” a Microsoft spokesperson told The Register. “Pluton is a hardware security technology that could be used by various OS components similar to how OS code can choose to use the TPM. Linux already has support for TPMs today. However, Microsoft’s current focus is ensuring an optimal experience for Windows 11.” My, how history repeats itself.

The good news? PC buyers can disable Pluton, even when it ships enabled on a PC.

“AMD respects user choice and, as is typical with many other security technologies, we provide the ability for a user to enable or disable Pluton based on their preferences in our reference BIOS,” an AMD statement notes. “AMD Ryzen 6000 Series processors support Linux. AMD has closely collaborated with Canonical (Ubuntu) and Red Hat to certify and optimize OEM designs with their operating systems.”

Intel, which had previously agreed to include the Pluton chipset, said only that its latest “Alder Lake” series chipsets already have a Pluton equivalent in its TPM 2.0-compatible Intel Platform Trust Technology, and that these PCs will, of course, run Linux too.

There are two key differences between Pluton and TPM. One, Pluton is placed inside the System on a Chip (SoC), helping prevent attacks on the path between the security chipset and the CPU. And two, it’s designed by Microsoft. Which, again, is the problem in certain circles.

Conversation 15 comments

  • huddie

    Premium Member
    24 January, 2022 - 9:54 am

    Any sense that Microsoft might be planning to open Pluton spec up to Linux?

    • Paul Thurrott

      Premium Member
      24 January, 2022 - 10:04 am

      The quote above suggests no, at least for now.

  • mog0

    24 January, 2022 - 10:23 am

    So will Linux not work with Pluton enabled or is this move just to placate the paranoid brigade who said TPM and then secure boot would block users from using Linux (which it didn’t)?

    • Paul Thurrott

      Premium Member
      24 January, 2022 - 11:58 am

      Linux isn’t (yet?) compatible with Pluton. But you can disable Pluton if you want to use Linux on that PC.

  • bluvg

    24 January, 2022 - 1:03 pm

    “Alder Lake” series chipsets already have a Pluton equivalent in its TPM 2.0-compatible Intel Platform Trust Technology

    That doesn’t sound equivalent at all. Putting this type of security mechanism in the SoC itself should make systems more resilient to things like the recent MoonBounce malware.

  • martinusv2

    Premium Member
    24 January, 2022 - 1:09 pm

    Can this affect WSL2?

  • mikegalos

    24 January, 2022 - 3:25 pm

    Yes, history IS repeating itself. Microsoft is supporting increased security and Linux advocates, being behind, pretend that they care about "openness" but, oddly, don’t have any problem with "openness" once they catch up and support the offending technology. Note how they don’t have a problem with TPM now where it used to be the Devil’s handiwork.

    • MoopMeep

      24 January, 2022 - 7:44 pm

      I’ve been told that open source software like Linux is better than closed source Windows. Since it’s open source you have many people who have access to the Linux source code and things get fixed fast when issues come up. I expect in the next few hours that support for Pluton will be added to Linux because of this……

      • mefree

        25 January, 2022 - 11:30 am

        Open source is absolutely not more secure than closed source simply because of the nature of open source. Let me put it this way. If you build a fortress, then publish the blueprints for everyone to have, do you think that makes your fortress more secure, or less secure because now any potential attacker can see your entire blueprint to look for weaknesses? It also reminds me of the argument that ‘Macs don’t get viruses’ that people used to make. Macs weren’t more secure, it’s just that Mac didn’t have the market share to be worth the time to write viruses for. That has been changing obviously, but the same can be said for Linux, at least on the consumer side of things.

  • mattbg

    Premium Member
    24 January, 2022 - 3:54 pm

    I can’t be the only one that is confused.

    Microsoft has a fTPM specification. They also have Pluton which they have referred to in some communications as a "processor design". Is it actually a processor, or just a reference implementation?

    Intel and AMD implement fTPM either via a dedicated security processor (AMD) within the CPU package or Platform Trust Technology (Intel) – I am not clear how PTT is implemented, but I believe it’s in the chipset, so not on-CPU (?).

    Intel is suggesting they will implement a solution compatible with Pluton, like they did for fTPM when they called it PTT. This makes sense if Pluton is just a reference implementation.

    So, what is Pluton? Can I actually point to a chip that is called Pluton? Or could it be any chip that implements some reference model called Pluton?

    Do I have any of this wrong?

    • ezzy

      Premium Member
      27 January, 2022 - 1:21 am

      Yes and no. I’m not sure exactly, but I believe 7th gen Intel had to use a TPM module (chipset). Depending on the vendor this module may or may not be included or it may require an aftermarket purchase, but the chipset specification required at least a header for it.

      8th Gen and later Intel CPUs had the TPM module included in the chip. So I have a 9th gen Intel processor with the included TPM module, but my motherboard has a slot to put an aftermarket TPM module in case I was using the board with an older processor.

  • WaltC

    24 January, 2022 - 7:04 pm

    I have no problem with AMD’s CPU protection. Pluton is in addition to AMD’s terrific integrated security processor already in the Zen2/3/+/4 CPUs. In this day of malicious root kits and other nefarious software, I’d feel foolish about turning it off!

  • F4IL

    24 January, 2022 - 7:34 pm

    Given that Pluton is a Windows-specific design and a closed one at that, it makes sense to provide a kill switch and enable installing additional operating systems like Linux / BSD. It remains to be seen if and when msft formally release a spec to support other systems.

  • geoff

    26 January, 2022 - 10:51 pm

    If Pluton can be disabled, it’s not really a security solution, is it?

    • sean8102

      27 January, 2022 - 2:46 am

      I guess if someone has physical access to your PC? Then they go into the BIOS and switch it off. Otherwise, how are they going to turn it off? The only way it can be enabled/disabled is in the BIOS.

Thurrott © 2024 Thurrott LLC