Microsoft Pluton Security Processor is here. It was announced on Tuesday along with three other major computing vendors: AMD, Intel, and Qualcomm.
They announced that the security chips would prevent hackers from stealing critical data (like credentials) from computing systems.
Were you afraid of Firmware hacking? Fear no more!
Here’s what we know.
More About Microsoft “Pluton” Security Processor
So far, that’s their goal. To guard against new, unknown attacks, like the 2018 Spectre and Meltdown ones, which could extract data out of the computer’s deepest areas.
Microsoft said, that to achieve this, it will need to store data on the chip itself, isolated from the rest of the system.
In short term, it will work as an attack surface. It will help not only minimize potential intrusions but also reduce its damage if it ever happens.
The hardware and software can both be used for the wanted, additional security layer.
This might result in good news for you if your system is attractive and attackable enough.
Even if it doesn’t, advocates of Pluton (the new security chip) confirm it will cut off a key element for data-stealing attempts.
Pluton was already pioneered inside Xbox consoles and the Azure Sphere ecosystem. In both cases, the Pluton Security Processor enables full-stack chip-to-cloud security to a TPM: Trusted Platform Module.
The Trusted Platform Module has been a backbone of server security over the last decade.
It has provided a physical store for security keys and system-integrity verifying metadata.
A built-in TPM also works in the mobile world, powered by Windows Hello or Bitlocker.
We can observe how it works, through an example attack made in 2018 by researchers from the NCC group. They showed how an attacker could undermine the booting process for “a large number of TPM-enabled computing platforms.”
Basically, the Pluton chip will be built into Windows computers through what they’re called “future chips” which are made by AMD, Intel, and Qualcomm.
The unique HArdware Cryptography Key (SHACK) technology to avoid keys getting exposed and such community engagement as the one from Project Cerberus, is what motivates Microsoft even more.
When Will the Microsoft “Pluton” Security Processor Be Released
For the moment, It’s still unclear when will the hardware be out on the market. all of that hardware will be on the market. The only thing we know so far is that Microsoft and partner companies are still working on it.
Also, that all silicon vendors involved will have Pluton as the first layer of security. And that additional layers (such as AMD’s PSP) will go below this.
In the case of AMD, it’s not the first time they work with Microsoft. They have done it already, also for Pluton, but on the console version. So, this might accelerate the release a bit.
Other technologies, such as Secure Encryption Virtualization, might also be backed by AMD’s support.
And while Intel also commented that this is aimed to be a long-term relationship, the company still declined to share potential release dates.
Qualcomm seems to be the odd-one-out in the deal. Although it’s worth mentioning that “on-die hardware root-of-trust security” is vital to the whole silicon.
This is, by far, the latest effort by tech companies to make hardware/firmware attacks less harmful and way more difficult to execute.
David Weston, Microsoft’s DEOSS said, Pluton would force bad actors to spend more resources in order to reverse-engineer the equipment. He said in an email:
“Our goal is to reduce as much of the available attack surface as possible by tightening the integration between hardware and software.”
What’s more impressive, is that even if a hacker had access to a Pluton-installed computer, it wouldn’t be able to remove anything from it. At least, that’s what David Weston says.
The instructor and researcher from SecuringHardware.com, Joe FitzPatrick emphasizes:
“Microsoft clearly put lots of technical work into a solid solution — solid enough to convince three leading CPU manufacturers to incorporate an external IP block into their own silicon.
A decade ago, they’d each have come up with their own implementation, expecting Microsoft to support it.”