Microsoft's Pluton secure processor

Recently, a few people have asked me my opinion on Microsoft’s new, hyped, “Pluton” secure processor.

It’s a bit tricky to decode any details from the marketing speak, but, as near as I can tell, it’s basically just rebranding something that already exists - a TPM in the management engine (or, perhaps, AMD’s secure enclave processor), and perhaps a slightly streamlined firmware update process.

The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.

The thing that’s missing here is that this functionality already exists in the management engine, and to the best of my knowledge, most modern PCs have an emulated TPM if they have one at all - it’s not a physically separate chip. “Intel Platform Trust Technology” seems to be the marketing term for this capability.

It does seem to also involve Microsoft-delivered firmware updates. Emphasis mine.

One of the other major security problems solved by Pluton is keeping the system firmware up to date across the entire PC ecosystem. Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues. Pluton provides a flexible, updateable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices.

So you can now get BIOS updates via Windows Update, which… well, I’ll just make awkward and uncomfortable noises and mutter something about how it’s probably better than never getting a firmware update…

An older article by Microsoft talks a bit more about the key generation process and such - it’s very TPM-ish.

Unfortunately, I’m seeing articles written that don’t really grasp the concept of a TPM, and argue that, instead, it should be able to help with ALL THE SECURITY PROBLEMS. Like this one…

This new chip is designed to block new and emerging attack vectors that are being used to compromise PCs, including CPU security flaws like Spectre and Meltdown. Intel revealed back in 2018 that it was redesigning its processors to protect against future attacks, and Pluton is an even bigger step in securing CPUs and Windows PCs in general.

No. A TPM won’t do a thing about microarchitectural vulnerabilities. The only place it might help is allowing microcode updates to be delivered by Windows Update, after the fact, if the CPU is still getting microcode updates.

Anyway, it sounds like basically a bunch of branding around a firmware TPM that already exists and a streamlined firmware update process. Probably won’t change much.


Beats getting BIOS updates from the 3rd party .tw motherboard mfg. How much do I trust Gigabyte and what’s their upstream anyway?

In an ideal world, which we’re certainly far from, BIOS updates are signed such that it doesn’t matter where you get it from - either it’s signed properly by the OEM and installs, or it’s been tampered with and doesn’t verify, so won’t install.

The distribution channel for the BIOS updates should have nothing to do with the validity of the updates.
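
The point about signed updates, as an added example that is not from the thread or from any vendor's code: the installer checks the image against an OEM public key pinned on the device and never consults where the file came from. Ed25519, the `Update` struct, the fixed-seed demo key and the sample image are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Update is a firmware image plus the OEM's detached signature, as delivered
// by some channel. Channel is informational only and is never consulted.
type Update struct {
	Channel   string
	Image     []byte
	Signature []byte
}

var ErrBadSignature = errors.New("firmware signature does not verify; refusing to install")

// VerifyUpdate accepts an image only if it carries a valid signature from the
// OEM key pinned on the device. Nothing about the delivery path is trusted.
func VerifyUpdate(oemKey ed25519.PublicKey, u Update) error {
	if len(oemKey) != ed25519.PublicKeySize || !ed25519.Verify(oemKey, u.Image, u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// demoOEMKey returns a constructed signing key from a fixed seed so the demo
// is reproducible; a real OEM key is generated randomly and kept offline.
func demoOEMKey() ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
}

func main() {
	priv := demoOEMKey()
	pub := priv.Public().(ed25519.PublicKey)
	image := []byte("constructed firmware image v1.2") // constructed sample
	sig := ed25519.Sign(priv, image)
	tampered := append([]byte("implant"), image...) // modified in transit

	for _, u := range []Update{
		{"OEM website", image, sig},
		{"OS update service", image, sig},
		{"third-party mirror", image, sig},
		{"third-party mirror", tampered, sig},
		{"OEM website", tampered, sig},
	} {
		fmt.Printf("%-20s install=%v\n", u.Channel, VerifyUpdate(pub, u) == nil)
	}
}
```

The genuine image installs from every channel and the modified one is rejected from every channel, including the OEM's own site.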