Microsoft Pluton was first discussed back in 2018 as a security subsystem and secure boot environment accompanying Azure Sphere. While Pluton was expected to launch soon after, that did not happen. This week, Microsoft finally announced that Pluton is arriving.
The project has also changed slightly. Microsoft Pluton is a security chip platform that will replace the company's existing Trusted Platform Module (TPM). However, it builds on TPM and makes some improvements to create more security for Windows devices.
TPM is a component of Windows 10 that stores important data, such as user information for sensitive tools. It keeps this information separate from the rest of the Windows system, making it harder for attackers to gain access. In other words, a threat actor who cracks Windows would not necessarily gain access to the data in the TPM.
Microsoft Pluton includes this capability but builds on it. It also calls on chipmakers to jump on board and build silicon that supports the security parameters of Pluton. Considering Microsoft's dominant foothold in the PC market, chipmakers are likely to support the platform.
Apple and Google have already rolled out their own security chip systems, T2 and Titan M. Microsoft wants to build on TPM with its own offering.
“The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard.
“Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC,” David Weston, Director of Enterprise and OS Security at Microsoft, explains.
Pluton started as a way to bring more device security to IoT hardware. It has since evolved to be capable of boosting protection and improving on TPM across Windows 10 devices, including laptops.
“One of the other major security problems solved by Pluton is keeping the system firmware up to date across the entire PC ecosystem. Today customers receive updates to their security firmware from a variety of different sources that can be difficult to manage, resulting in widespread patching issues,” Weston adds.
AMD, Intel, and Qualcomm are all on board with Microsoft Pluton. However, Pluton will not be delivered as a firmware update to existing hardware. Instead, it will be limited to next-generation laptops built by those companies from now on. That means only new customers will get the benefits of the extra security.