Microsoft on Tuesday announced a new security processor called Pluton that is designed to protect Windows PC users from malicious attacks now and in the future.
“Microsoft alongside our biggest silicon partners are announcing a new vision for Windows security to help ensure our customers are protected today and in the future. In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., we are announcing the Microsoft Pluton security processor,” David Weston, Director of Enterprise and OS Security said in a blog post.
This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, aims to bring further security advancements to future Windows PCs and marks the beginning of a journey with ecosystem and OEM partners.
Microsoft Pluton is built directly into future CPUs and will replace the existing Trusted Platform Module (TPM), a chip that is currently used to secure hardware and cryptographic keys. Pluton is a design in which hardware and software are tightly integrated in a unified approach intended to eliminate entire vectors of attack.
“This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs,” Weston explained.
The TPM is a hardware component which is used to help securely store keys and measurements that verify the integrity of the system. TPMs have been supported in Windows for more than 10 years and power many critical technologies such as Windows Hello and BitLocker.
The Pluton design removes the potential for the communication channel between a discrete TPM and the CPU to be attacked by building that security directly into the CPU.
“Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard,” Microsoft explained.
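Because Pluton first presents itself through the existing TPM specifications and APIs, the same checks an administrator already uses for a discrete TPM are assumed to apply. The script below is an added example, not code from Microsoft or the announcement; it inventories the TPM that Windows exposes and lists which BitLocker volumes have their keys sealed to it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from Microsoft's announcement): inventory the TPM that
# Windows exposes and the BitLocker protectors that depend on it. Assumption:
# a Pluton-backed TPM answers the standard TPM cmdlets like any TPM 2.0 part.

function Get-TpmInventory {
    # Get-Tpm comes from the built-in TrustedPlatformModule module.
    $tpm = Get-Tpm
    # Win32_Tpm exposes the spec version, which tells you whether the
    # firmware-backed TPM speaks TPM 2.0.
    $wmi = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' -ClassName Win32_Tpm
    [pscustomobject]@{
        Present      = $tpm.TpmPresent
        Ready        = $tpm.TpmReady
        Manufacturer = $tpm.ManufacturerIdTxt
        FirmwareVer  = $tpm.ManufacturerVersion
        SpecVersion  = $wmi.SpecVersion
    }
}

function Get-TpmBoundBitLockerVolumes {
    # A volume whose key protector list contains a Tpm* entry has its volume
    # master key sealed to the TPM, so it is the data that gains from the
    # processor-level key isolation described above.
    Get-BitLockerVolume | ForEach-Object {
        $tpmProtectors = $_.KeyProtector |
            Where-Object { $_.KeyProtectorType -like 'Tpm*' } |
            Select-Object -ExpandProperty KeyProtectorType
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            ProtectionStatus = $_.ProtectionStatus
            TpmProtectors    = ($tpmProtectors -join ', ')
        }
    }
}

$inventory = Get-TpmInventory
$inventory | Format-List

if (-not $inventory.Present) {
    Write-Warning 'No TPM visible to Windows: BitLocker and Windows Hello cannot seal keys to hardware.'
} elseif (-not $inventory.Ready) {
    Write-Warning 'TPM present but not ready; run Initialize-Tpm or check firmware settings.'
}

Get-TpmBoundBitLockerVolumes | Format-Table -AutoSize
```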
Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.
Pluton also stores sensitive data such as encryption keys within the processor itself, isolated from the rest of the system, so that emerging attack techniques such as speculative execution cannot access key material.
Pluton also provides the unique Secure Hardware Cryptography Key (SHACK) technology that helps ensure keys are never exposed outside of the protected hardware, even to the Pluton firmware itself, providing an unprecedented level of security for Windows customers.
Further, Pluton offers a flexible, easy-to-update platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Additionally, Pluton will integrate with the Windows Update process the same way the Azure Sphere Security Service connects to IoT devices.
Microsoft says the Pluton design was first introduced as part of the integrated hardware and OS security capabilities of the Xbox One console released in 2013, in partnership with AMD, and later within Azure Sphere. Building Microsoft’s IP directly into the CPU silicon helped guard against physical attacks, prevent the discovery of keys, and provided the ability to recover from software bugs.
Mike Nordquist, Senior Director, Commercial Client Security, Intel, said: “Intel continues to partner with Microsoft to advance the security of Windows PC platforms. The introduction of Microsoft Pluton into future Intel CPUs will further enable integration between Intel hardware and the Windows operating system.”
“AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC,” said Jason Thomas, head of product security, AMD.
“Qualcomm Technologies is pleased to continue its work with Microsoft to help make a slew of devices and use cases more secure. We believe an on-die, hardware-based Root-of-Trust like the Microsoft Pluton is an important component in securing multiple use cases and the devices enabling them.” – Asaf Shen, senior director of product management at Qualcomm Technologies, Inc.
The Pluton processor will be integrated into future chips from AMD, Intel and Qualcomm to provide next-generation hardware security protection for Windows PCs, with the aim of reducing cases of CPU exploits like Meltdown and Spectre that previously affected a huge number of Windows users.
That said, Microsoft has not yet said when PCs with the Pluton processor will reach the market.