EDIT 11/17/2020 10:45am PT: The article has been corrected to clarify that the Pluton processor is separate from the AMD Secure Processor:
In response to a new wave of attacks that have compromised standard approaches to Windows security, Microsoft announced its Pluton security processor that will reside inside of future consumer chips from both AMD and Intel – but it’s built using a technology that Microsoft and AMD pioneered with the custom processors for Xbox game consoles. It also leverages a standard feature found on AMD’s EPYC server processor chips. Now Intel will adopt a similar approach to help secure PCs.
The new collaboration between Microsoft, AMD, Intel, and Qualcomm will enable more robust security that helps prevent physical attacks and encryption key theft while protecting against firmware attacks. Microsoft will also use the technology to streamline firmware updates via Windows Update.
The Pluton security processor comes as a result of recent new attack vectors that indirectly compromise the Trusted Platform Module (TPM), which has long been the preferred method of securing PCs from potential threats. The TPM, a small secondary chip inside the system that stores encryption keys for services like Bitlocker and Windows Hello, is still robust enough to protect encryption keys but malicious actors have learned how to penetrate the bus that connects the TPM to the CPU through physical attacks, thus compromising a system.
Microsoft says that security must be built directly into the processor to prevent those attacks, hence the Pluton security processor. The new approach to securing the system isn’t really new at all, though – AMD pioneered the in-built security processor approach with the AMD Security Processor (ASP) in the Xbox game console back in 2013. This in-built 32-bit ARM Cortex-A5 processor is sandboxed from the rest of the processor, thus protecting it from attacks with exploits like Spectre, and provides secure encryption key generation and management to enable a hardware root of trust.
AMD uses this same approach for its EPYC server chips and its commercial processors. For the Xbox, AMD’s secure processor communicates with Microsoft’s Pluton Security Processor to enable tight integration between Microsoft’s software and AMD’s security hardware. AMD says it will be first to enable the same feature on all of its future client CPUs and APUs, though it hasn’t provided a specific timeline for the release.
Meanwhile, Intel says that it will continue to leverage its Hardware Shield feature in vPro, which only comes with specific commercial SKUs, but now also enable the Microsoft Pluton security processor to provide multiple root of trust options. Intel hasn’t provided a timeline for its adoption of the feature but says that “Intel plans to work with Microsoft to bring Pluton to these customers, as a choice, at scale.” It’s a bit unclear if Intel means the company will not enable the feature on all chips, thus providing customers with the choice to purchase more expensive processors with the feature – much like with its vPro-enabled chips.
The Pluton processor will emulate a TPM to maintain broad compatibility with APIs like BitLocker and System Guard. Pluton also uses a Secure Hardware Cryptography Key (SHACK) technology that prevents exposing cryptographic keys, even to the Pluton firmware itself, which will ultimately protect user information from physical attacks.
Finally, the Pluton processor secures the firmware updating process, streamlining the Windows Update process to provide a more unified and consistent method to update system firmware. This has become more important as a slew of security vulnerabilities have necessitated a rapid cadence of new firmwares to plug security holes like Meltdown and Spectre, but the current delivery system is fragmented. By building this functionality into the processor and using it to enable Windows Update to update firmware securely, Microsoft hopes that it, and the silicon vendors, can react to vulnerabilities quicker.