News

Microsoft Promises Greater PC Security with Coming Pluton Processors

• By Kurt Mackie
• 11/17/2020

Microsoft on Tuesday introduced Pluton, a security solution aiming to make the current root of trust between the central processing unit (CPU) and the trusted platform module (TPM) in devices more resistant to physical tampering.

Pluton already exists in Xbox gaming systems and Azure Sphere chips for Internet of Things (IoT) devices, where the effort was said to have been "pioneered." Microsoft worked with AMD to add the Pluton design to the Xbox One in 2013, the announcement explained. Pluton relies on a cloud-based attestation scheme that's comparable to the Project Cerberus community effort.

Pluton for PCs and Azure
Microsoft's Tuesday announcement by David Weston, director of enterprise and OS security, implied that Pluton is now headed for PCs and Azure datacenters to add security protections there, although the timing wasn't described. Microsoft has been collaborating with chip builders on Pluton, and sees it as a future direction for the industry:

In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., we are announcing the Microsoft Pluton security processor. This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners.

Supposedly, TPMs ensure that bootloader malware (so-called "bootkits" or "rootkits") doesn't undermine the "secure boot" attestation approach that happens at the firmware level, before an operating system loads. However, it seems that TPMs still need to talk to the CPU and they use a bus for that communication, which can be tapped by someone with physical access to the machine. Microsoft's announcement pointed to this Pulse Security blog post, which described how to sniff the bus used by the TPM and retrieve BitLocker encryption keys, for instance.

Pluton isn't exactly a chip. It's part of the CPU, and this architectural change supposedly makes it immune from physical taps, as can happen with TPMs.

Weston was asked in a Twitter post whether Pluton was similar to the secure enclave processor (SEP) or Google's OpenTitan silicon root-of-trust design. He suggested it was similar, but Pluton is "not a discrete chip":

Yeah, you can think of it that way, except [Pluton] is not a discrete chip -- it's on die and in the CPU complex, which means the attack surface is smaller. In Xbox, we don't trust anything (data, bus connections) from outside of the SoC [system on chip] complex.

The main benefit of Pluton is that it can be updated, Weston added in the Twitter thread. He expounded on this point in the announcement, suggesting that the Windows Update service would be the process used to deliver the updates. Here's his characterization:

Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues. Pluton provides a flexible, updateable platform for running firmware that implements end-to-end security functionality authored, maintained, and updated by Microsoft. Pluton for Windows computers will be integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices.

Secure Boot Inadequate
Secure boot, used with Unified Extensible Firmware Interface-based systems leveraging TPMs, was supposed to be the solution to rootkit malware threats. However, it was found back in late 2018 to be not adequate due to firmware exploits. The PC industry's response was to produce so-called "Secured-core PCs," running Windows 10, which supposedly addressed the firmware exploit issue.

It's unclear, though, from Microsoft's announcement whether Secured-core PCs also are subject to the sort of physical tampering that Pluton is specifically designed to prevent.

Microsoft appears to have the support of major chip makers on Pluton. AMD, Intel and Qualcomm all supplied testimonials that were included in Microsoft's announcement. What's unclear is when PCs might appear on the market with Pluton processors, and whether this approach replaces, or supplements, the Secured-core PC approach.

The nature of the attacks, in which an attacker needs physical access to a machine, might seem to make such attacks appear unlikely, at least for most people. But Microsoft did put Pluton in Xbox, likely because it needed such protection. The announcement raises lots of questions along those lines.

Update 11/17: Some questions were answered by a Microsoft spokesperson.

When asked whether machines using TPM could be tampered with physically, which the Pluton approach is said to avoid, the spokesperson offered the following viewpoint:

TPM 2.0 is the root of trust (ROT) in modern PCs including Secured-core PCs, but projecting into the future we see the continued advancement and weaponization of attacks at the TPM firmware and hardware level and a strong modern on-die hardware root of trust is an essential foundation to protect customer systems, identity, and data against these novel attacks.

When asked about the future of Secured-core machines, given Pluton, the spokesperson provided the following comment:

Pluton is meant to be complementary to the Secured-core journey. Pluton will enhance the foundational component of Secured-core PCs and the combination of Secured-core PCs and Pluton will create a new high watermark for Windows device security.

At this point, Microsoft isn't disclosing any release timeline information on Pluton.