Microsoft is working with leading silicon partners; AMD, Intel, and Qualcomm Technologies, Inc to bring more security advancements to future Windows PCs through the launch of Microsoft Pluton, a security processor designed to provide stronger hardware and software integration for Windows PCs. This chip-to-cloud security technology which first pioneered in Xbox and Azure Sphere will make it significantly more difficult for attackers to hide beneath the operating system, and improve Microsoft’s ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.
Microsoft says attackers have begun to innovate ways to attack Trusted Platform Module (TPM), a hardware component that is used to help securely store keys and measurements that verify the integrity of the system. These sophisticated attack techniques target the communication channel between the CPU and TPM, which is typically a bus interface facilitating the share of information between the main CPU and security processor thus are also able to steal or modify information in transit.
The Pluton design removes the potential for the communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard.
David Weston, Microsoft’s Director of Enterprise and OS Security said windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.
David explained that this is accomplished by storing sensitive data like encryption keys securely within the Pluton processor, which is isolated from the rest of the system, helping to ensure that emerging attack techniques, like speculative execution, cannot access key material. Pluton provides a flexible, updatable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices.
“AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC. We design and build our products with security in mind and bringing Microsoft’s Pluton technology to the chip level will enhance the already strong security capabilities of our processors,” said Jason Thomas, head of product security at AMD.
Mike Nordquist, Senior Director, Commercial Client Security at Intel said Intel will continue to partner with Microsoft to advance the security of Windows PC platforms and through the Pluton partnership, they will be able to enable integration between Intel hardware and the Windows operating system.
The Pluton design was introduced as part of the integrated hardware and OS security capabilities in the Xbox One console released in 2013 by Microsoft in partnership with AMD and also within Azure Sphere.