When it launched, Windows 11 confused a lot of people over its requirement that your PC have a security chip called a TPM, or a Trusted Platform Module. But now, Microsoft wants to transition away from the TPM and instead implement its own security chip inside of upcoming CPUs. Microsoft calls this new chip Pluton.
But why is this a big deal? It helps to first understand the limitations of the current TPM system. TPMs contain the keys needed to encrypt and decrypt data on your devices, and they can come either in the form of a separate chip that sits on your motherboard (you can actually buy them for your desktop) or as a firmware TPM, which consists of code that hangs out either on your system's chipset or on the CPU itself. Most CPU platforms manufactured these days have some form of firmware TPM built in, hence the reason Microsoft says you're probably okay to upgrade to Windows 11 if you have a recently built PC. But TPM is far from perfect. It's certainly better than nothing, but it turns out it's not particularly hard to defeat if an attacker knows what they're doing. A key weakness can be found in the connection between the TPM and the BIOS.
You can actually connect a sniffing device to the pins on the TPM chip and obtain the key you're looking for in a matter of minutes. Of course, you need physical access to the targeted PC in order to pull off an attack like this, but seeing as how the TPM was meant to help protect computers even if a miscreant had physical access, that's a pretty big liability. But say you're running a firmware TPM implementation. Well, these can still have their own vulnerabilities. The well-publicized Spectre and Meltdown exploits have shown that attackers can grab data directly off of the CPU. Even if that data is subject to enhanced security, it can still be obtained, such as in the Platypus attack that bypasses Intel Software Guard Extensions, or SGX.
This feature is supposed to create a secured area of the processor, but not only does Platypus defeat it, physical access isn't even required to attack the secured area. Pluton is, in theory (I just love that name), supposed to go a long way toward solving these problems. Pluton doesn't use a separate chip at all. Instead, it's baked directly onto the CPU die, so there isn't a risk of snatching data off a communication bus like you can with a discrete TPM module. But how is Pluton different from firmware TPM, since those also run directly on the CPU?
So a firmware TPM runs its code on the same main CPU cores that run your other programs, so a successful attack on something else the CPU is running could compromise the firmware TPM. Pluton, on the other hand, works by adding additional hardware that's on the CPU die but is separate from the main processing core, making it more difficult to attack, even if the bad guy has physical access to the computer. Additionally, Microsoft is going to be responsible for issuing firmware updates for Pluton, rather than motherboard manufacturers, who typically release new firmware versions much less frequently. This should help keep computers safer from new and evolving threats.
The first PCs with Pluton built in should start hitting store shelves in mid-2022, but Pluton actually isn't even brand new. The chips have actually been used since 2013 in Xbox consoles to make it harder to play pirated titles, which actually brings us to a concern some users have about Pluton. Some fear that Microsoft could use Pluton to lock down PCs and exert too much control over what consumers can and cannot run on their own machines. We do know that CPUs with Pluton will work and run on Linux, but if you want Pluton's extra features, the specific Linux distro you're using would need to enable support for those. So only time will tell if these concerns about Pluton are warranted, but I'm sure we can all agree that we trust Microsoft, right? They made Vista.