Microsoft Pluton: Security processor for CPUs from AMD, Intel and Qualcomm

In recent months, we have seen Intel processors accumulate one vulnerability after another. For this reason, Microsoft has developed its own security processor, called Pluton. It was originally developed for the Xbox consoles built with AMD, but it will also reach commercial processors. Both Intel and AMD desktop processors will implement these chips.

Hardware-level vulnerabilities have forced Microsoft to take significant action. The company wants to safeguard the security of users and, for this reason, will make the implementation of this security chip mandatory. Microsoft has made many efforts at the security level, including offering users free use of Windows 10 so that all the patches are installed.

Microsoft creates the Pluton security chip

Qualcomm has also taken part in developing this chip. It seeks to offer much more security and to prevent possible physical attacks and theft of encryption keys. One of the critical points is the protection of the firmware, preventing it from being tampered with. Microsoft will also use Pluton to expedite firmware updates through Windows Update.

The Pluton chip is an alternative to the TPM (Trusted Platform Module), which until now has been the solution for protecting computers. The TPM is a secondary chip within the system that stores encryption keys for services such as BitLocker and Windows Hello. While the TPM is still a robust encryption chip, methods have been found to steal its encryption keys indirectly: through physical attacks, attackers manage to penetrate the bus that connects the TPM with the CPU, compromising the system.

Microsoft indicates that this chip must be incorporated directly into the processor to prevent these attacks. The idea behind Pluton is not really new, as AMD has its own quite innovative solution.

Greater security in future processors

AMD processors for the Xbox One implemented the AMD Security Processor (ASP) security chip, a 32-bit ARM Cortex-A5 processor that operates independently of the CPU in a sandbox. This protects it from exploits like Spectre, and it handles the generation and management of the encryption keys that allow the hardware to be trusted.

AMD uses this solution in EPYC and in its commercial processors. On the Xbox, ASP communicates with Pluton to integrate Microsoft software with AMD security hardware. Additionally, AMD consumer processors and APUs will integrate it natively, although no date has been given.

Intel indicates that the Hardware Shield feature in vPro, which is only offered on processors for the professional segment, will remain functional. Still, it also allows Microsoft’s Pluton processor to offer multiple trusted options. There is no adoption date, but they say “Intel plans to work with Microsoft to bring Pluton to these customers, as an option at scale.” We will see whether Pluton reaches all processors or not.

Pluton also ensures that the firmware update process through Windows Update will be unified and more consistent. This will give users immediate access to firmware updates if cases like Spectre and Meltdown happen again.