Named the Microsoft Pluton security processor, the device is claimed to remove the potential for attacks on the communication channel between the CPU and the Trusted Platform Module by building security directly into the CPU.
"Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard," Microsoft's director of Enterprise and OS Security David Weston said in a blog post on Tuesday.
"Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC."
"After Microsoft's collaboration with the NSA on PRISM to illegally spy on everyone, I have serious trust issues with them putting a 'security' chip in my computer that can report what my CPU is doing. It sounds wonderful in theory, but the dystopian vibes I am getting are strong," said one poster, Thomas Ferrum.
When I think security, having to deal with how Qualcomm has packaged & signed their updates for both their drivers & firmware in the past, gotta hope a lot of lessons have been both learned, more importantly, applied as they go forward. — TommyTenacious (@TommyTenacious) November 17, 2020
Another, with the handle Kowalski, echoed this distrust by tweeting: "Oh yes, security by obscurity? Another Intel management engine/SGX? Closed source blobs?"
And a third, Decker Mage, said: "Looks like an ideal way to implement DRM locking to a particular processor. Hard pass."
After numerous people had inquired whether this would be another attempt by Microsoft to lock out its competitors' operating systems, Weston was forced to respond, confirming: "Yes - it can work with other clouds and OS."
In his blog post, Weston said the Pluton security model was "accomplished by storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helping to ensure that emerging attack techniques, like speculative execution, cannot access key material".
"Pluton also provides the unique Secure Hardware Cryptography Key (SHACK) technology that helps ensure keys are never exposed outside of the protected hardware, even to the Pluton firmware itself, providing an unprecedented level of security for Windows customers."
Weston said another major security problem that would be solved by Pluton was keeping system firmware up to date across the whole PC ecosystem.
"Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues," he said.
"Pluton provides a flexible, updateable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices."
He did not give any indication as to when the technology would be implemented and available for use.
Graphic courtesy Microsoft