Microsoft revealed Pluton, a security processor meant to thwart some of the most complex types of cyber assaults, in November 2020. AMD said on Tuesday that the chip would be integrated into its future Ryzen CPUs for usage in Lenovo’s ThinkPad Z Series notebooks.
Pluton has already been deployed by Microsoft to defend Xbox Ones and Azure Sphere microcontrollers from attacks that include someone with physical access opening device casings and bypassing security safeguards. Device owners who want to run unapproved games or programs for cheating frequently carry out such hacks.
The security chip can be set up in one of three ways: as the device TPM, as a security processor for non-TMP circumstances like platform resilience, or as a feature that PC manufacturers turn off before delivery.
In May, ThinkPad Z series laptops with Pluton-integrated Ryzen processors will be available. ThinkPad Z13 and Z16 models with Pluton as a TPM, according to Microsoft, will better protect Windows Hello credentials by further separating them from attackers.
Pluton is now being developed to protect PCs from malicious physical attacks aimed at installing malware or stealing cryptographic keys or other sensitive information. While many systems already have trusted platform modules or defenses in place to protect such data, such as Intel’s Software Guard Extensions, the secrets are still vulnerable to a variety of attacks.
In 2020, Microsoft wrote that by incorporating security directly into the CPU, the Pluton design eliminates the possibility of that communication route being exploited. Customers will instantly benefit from better security for Windows features that rely on TPMs, such as BitLocker and System Guard, when PCs employing the Pluton architecture initially imitate a TPM that works with existing TPM specifications and APIs.
The Pluton security processor will safeguard credentials, user identities, encryption keys, and personal data on Windows devices using Pluton. Even if an attacker has installed malware or has complete physical control of the PC, none of this information can be erased from Pluton.
This is accomplished by securely storing sensitive data such as encryption keys within the Pluton processor, which is segregated from the rest of the system, ensuring that developing attack tactics such as speculative execution is prevented from accessing important material. Pluton also offers the Secure Hardware Cryptography Key (SHACK) technology, which ensures that keys are never exposed outside of the protected hardware, including the Pluton firmware, giving Windows users an unprecedented level of protection.
By providing a secure identity for the CPU that can be certified by Cerberus, the Pluton security processor complements efforts Microsoft has done with the community, particularly Project Cerberus, strengthening the overall platform’s security.
