October 16, 2021

Microsoft details its Pluto security processor

A chip containing the encryption keys which promises to be more secure than the current TMP.

A few days ago, Microsoft introduced its Pluto security processor; this will succeed the TMP chip ( Trusted Platform Module ) . It is still an integrated hardware solution that stores the encryption keys and therefore helps improve security. AMD, Intel and Qualcomm will integrate Microsoft Pluto in their next chips. However, AMD and Microsoft are highlighting their partnership : indeed, this Pluto security processor is inspired by the ASP ( AMD Security Processor ) inaugurated in 2013 with the Xbox One console.

As Microsoft points out in its publication, TPM has protected PCs for over 10 years; it therefore begins to date seriously. Above all, hackers have developed physical attacks like Meltdown and Specter capable of targeting its weak point: the bus connecting the TPM to the processor.

No more buses to attack

Now, “the Pluto design eliminates the risk of attack from this communication channel by integrating security directly into the central unit” ; “Windows devices with Pluto will use the Pluto security chip to protect credentials, user identities, encryption keys and personal data. None of this information can be removed from Pluto, even if an attacker has installed malware or has complete physical possession of the PC ” . As a first step, in order to ensure support with existing TPM APIs, such as BitLocker and System Guard, Windows PCs benefiting from the Pluto architecture will emulate the TPM.

Finally, as mentioned above, this strategy is not new. It is inspired by the security processor inaugurated in 2013 with the Xbox One; in the console, it takes the form of a 32-bit Cortex-A5, nested in the SoC, which contains the encryption keys. AMD specifies that ASP and Microsoft Pluto will coexist.

Source: Microsoft