Microsoft Pluton security co-processor will address some TPM flaws

Microsoft this week announced its Pluton custom security co-processor that will be built into future AMD, Intel, and Qualcomm chips.

The Pluton security co-processor is built in collaboration with AMD, Intel, and Qualcomm, and will be used to protect credentials, user identities, encryption keys, and personal data. Although it was announced yesterday for Windows 10 PCs, Pluton has been used to protect the Xbox One since 2013.

Microsoft explained in a press release that Pluton addresses the communication vulnerabilities between the processor and the trusted platform module (TPM), a discrete security chip used in authentication features like Windows Hello and BitLocker. Because of its critical role, attackers have begun exploring its weaknesses to take control of the host system, specifically by intercepting its communication with the processor while they’re in transit. Previously, it has been demonstrated that an attacker can extract BitLocker keys stored within the TPM using a cheap FPGA board and publicly available code.

Pluton aims to solve this issue by embedding itself directly into the processor. It will emulate a TPM that works with existing TPM specifications and APIs to reduce integration complexities. Microsoft claims that none of the information it stores can be removed from Pluton even if the attacker has complete physical access to the PC.

Sensitive data like encryption keys are stored in Pluton itself and isolated from other components. This hardens it against emerging techniques such as speculative execution. Moreover, by adding Secure Hardware Cryptography Key (SHACK) to Pluton, the security keys are contained only to the protected hardware. Not even the Pluton firmware itself has access to them.

Microsoft said Pluton will co-exist with other hardware security solutions.

In addition, Pluton will provide a more secure way to update firmware by providing a platform that’s managed and maintained by Microsoft. This is another improvement to Microsoft’s Secured-core initiative, a project aimed to defend against firmware attacks that are becoming increasingly prevalent. In a blog post, Microsoft said that firmware has become an attractive target for attackers since they have higher access privileges. Attacks against firmware can circumvent traditional safeguards like secure boot implemented by the operating system.

One of the countermeasures of Secured-core against firmware attack is the Windows Defender System Guard that establishes a dynamic root of trust.

In an email to IT World Canada, Microsoft said Pluton is complementary to Secured-core, but a system could have Pluton on its own, or with Secured-core. Pluton will help increase overall system security by building on existing TPM protections.

Pluton will work together with security systems already embedded in today’s processors, such as the AMD Security Processor (ASP), an ARM-based security subsystem built into nearly all modern AMD processors. AMD described their separate roles in its news release: “Pluton helps provide security to Windows PC systems by acting as an integrated hardware root of trust for the Windows ecosystem while ASP acts as the silicon hardware root of trust which helps provide integrity by authenticating initial firmware loaded on the platforms.”

Intel, AMD, and Qualcomm have yet to disclose when Pluton will arrive in their products but expect them sooner than later.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Tom Li
Tom Li
Telecommunication and consumer hardware are Tom's main beats at IT World Canada. He loves to talk about Canada's network infrastructure, semiconductor products, and of course, anything hot and new in the consumer technology space. You'll also occasionally see his name appended to articles on cloud, security, and SaaS-related news. If you're ever up for a lengthy discussion about the nuances of each of the above sectors or have an upcoming product that people will love, feel free to drop him a line at tli@itwc.ca.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now