What Is Microsoft’s Pluton Security Processor
Microsoft’s latest operating system, Windows 11, uses a processor architecture that forces the CPU to interact with a separate Trusted Platform Module (TPM). This hardware module contains sensitive data such as encryption keys and important system information. However, as cyber security threats become more advanced, TPM security is being tested to its limits.
To provide better security, Microsoft introduced a security platform called Microsoft Pluton, which aims to revolutionize computer security by storing sensitive data in the chip itself. But what is Microsoft Pluton and how does it work?
What Is the Microsoft Pluton Security Processor?
Initially created for the Xbox and Azure regions, Microsoft Pluton is a revolutionary security processor designed by Microsoft in collaboration with chip developers Intel, AMD and Qualcomm. Pluton was first announced in 2020 for Windows. But it wasn’t until CES 2022 that Microsoft revealed more details about it and the security it aims to bring.
According to the company, the processor is aimed at providing better system security and quicker system updates to new Windows computers. Microsoft also stated that the processor can be configured as a TPM, or as a security processor used for non-TPM scenarios such as platform resilience, and that manufacturers have the option to turn it off.
How Does Microsoft Pluton Work?
The idea behind Microsoft Pluton comes from an existing processor architecture used in many modern computers: the TPM. So before understanding how Microsoft Pluton works, you need to know how a TPM works.
A Trusted Platform Module is a cryptoprocessor that secures your computer through an integrated cryptographic key. Essentially, it is a security alarm that prevents hackers and malware from accessing sensitive information on your system. This allows your Windows system to provide security features such as BitLocker disk encryption and better protection for the biometric data used with Windows Hello.
This processor architecture was a great start for cyber security. However, white hat hackers have found vulnerabilities in the system. They found a target: the communication lines between the CPU and the TPM hardware chip typically found on motherboards.
But orchestrating TPM attacks is not easy and requires significant technical skills and direct access to the device. So even though it is a hard target, the vulnerability still exists.
Pluton solves this security vulnerability by bridging the gap between the TPM and the CPU, removing any need for external communication that can easily be intercepted by malicious actors. Basically, Pluton and its TPM functionality are built into the processor itself. This makes it challenging to extract sensitive information, even if hackers can physically access the device.
Therefore, from inside the processor, Pluton can emulate a TPM through Microsoft’s existing application programming interfaces (APIs) and specifications. This is the most efficient way to integrate Pluton because it already has many of the hooks needed to function.
In addition to replacing the TPM, the Pluton processor can also serve as a security processor for system resiliency scenarios that do not require a TPM. At the same time, manufacturers who plan to distribute Windows hardware may choose to ship computers with Pluton disabled, which is not surprising given the flexibility of Windows. But it’s something to be aware of if you’re looking to buy a Pluton-enabled computer.
In essence, the Microsoft Pluton processor is an evolved version of the TPM integrated within the CPU. The Pluton comes with the same features a TPM chip offers, such as BitLocker encryption and Windows Hello.
Benefits of the Microsoft Pluton Security Processor
TPM attacks may not be highly likely, but attackers are becoming more creative. This means they will never stop exploiting any vulnerability they may see, holding onto any critical information they need to attack your system. While individual users are not vulnerable to these attacks, it can still be terrifying, especially if you work with confidential information.
So, if you are thinking of switching to this security module, here are some of the benefits of this security processor that you should be aware of.