Microsoft Is Making a Secure PC Chip—With Intel and AMD's Help

[Karlston]

Microsoft Is Making a Secure PC Chip—With Intel and AMD's Help

The Pluton security processor will give the software giant an even more prominent role in locking down Windows hardware.

Eventually the Microsoft Pluton Processor will come standard with mainstream CPUs as part of a system on a chip.Photograph: Mark Kauzlarich/Bloomberg/Getty Images

 

 

The most sensitive parts of your computer have come to live in a distinct hardware component known as a "secure enclave." These chips are designed not only to keep hackers from accessing your system's crown jewels, but to establish a "root of trust," running cryptographic checks to ensure that no hacker has maliciously altered them. Historically, companies like Intel, AMD, and Qualcomm have developed their own versions of these protective tools. But now Microsoft is partnering with all three to create a new secure chip aimed at bringing enhanced security to the Windows masses.

 

It's early days still, but the idea is that eventually the Microsoft Pluton processor will come standard with mainstream CPUs as part of a "system on a chip," where all the main components of a computer are housed together for efficiency and speed. Apple announced last week that its new in-house M1 processor for Macs would take that approach, incorporating its security processor with the SoC rather than as a distinct T2 chip as in recent models. Apple's controlled, top-down ecosystem allows the company to push updates easily to nearly its entire population of products. The world of Windows isn't nearly as tidy. But Microsoft's goal with Pluton is to make root of trust protections ubiquitous despite the diverse range of manufacturers who license its operating system.

 

"What we’ve done here is we’ve said, let’s not change the nature of the PC ecosystem—keep the choice, keep the customer variety," says David Weston, Microsoft's director of enterprise and operating system security. "But when it matters, which is where your encryption keys are stored, how you boot the system, now Microsoft writes the code for Pluton and works with Intel or others to get it signed and delivered. So there are fewer people involved, and the PC is going to be more secure for it. The fact that Microsoft designed a processor and Intel is putting it in their CPU—that’s like a head-exploding concept."

 

Courtesy of Microsoft

Ubiquity comes with its own risks. Elements designed for security can quickly become a single point of failure if they can no longer be trusted themselves. That's not just a theoretical problem; weaknesses have been found in the secure enclaves of tech giants like Apple, Cisco, and Intel. But proponents emphasize that the mechanisms still raise baseline security for all devices that contain them, even if they sometimes prove fallible.

 

With this concern in mind, Microsoft views Pluton as an option that can be implemented in different ways by different silicon vendors. It can supplement, rather than replace, other secure enclaves that device manufacturers may want to use instead. For example, AMD says that its Security Processor will work alongside Pluton to act as the hardware root of trust for the silicon chips in a system and their firmware, while Pluton can provide the root of trust for Windows.

 

"Working with partners like Microsoft allows us to make an even bigger impact," AMD head of product security Jason Thomas said in a statement.

 

Microsoft also has specific past experience developing chips that resist attacks both digitally and physically. For almost a decade, Xbox gaming consoles have been a rare example of popular, ubiquitous devices that are difficult to hack and alter even when you can take the device apart and mess with its internals. Microsoft intentionally built Xbox systems to be difficult to "mod," and these defenses have been successful so far. Along with the company's secure internet-of-things service Azure Sphere, Xbox has helped Microsoft test the viability of a protection like Pluton.

 

Pluton also directly addresses a sophisticated avenue of attack against secure enclaves. Hackers have begun to target the internal connectors, or "buses," that link security chips to main computer processors, sniffing out ways that data might leak along the way. And processor makers, particularly Intel, have grappled with how to secure features like Intel’s SGX, which creates encrypted enclaves inside regular CPUs but has been repeatedly defeated. By working directly with chipmakers to add Pluton as a system-on-a-chip component, Microsoft aims to eliminate these attack vectors.

 

"We're trying to keep the hardware as simple as possible, that way there's not a big surface area," says Mike Nordquist, director of strategic planning and architecture for Intel's business client group. "The firmware is also easily updatable. And the cool part is this is all an evolution. When you shut down one avenue, the hackers are going to go somewhere else, so our goal is to bring the bar up every year and be ready for whatever comes next."

 

Pluton chips won't appear on CPUs for more than a year, but Nordquist says that Intel is actively working on the integration. And the company plans to offer the addition at low or no additional cost to make it possible for Pluton-equipped CPUs to truly proliferate whether a manufacturer is actively looking for such a feature or not.

 

Microsoft's Weston is realistic; he says no protection is foolproof, but he emphasizes that Microsoft and its Pluton partners are putting a lot of effort into striking a balance between developing sophisticated, capable hardware and leaving enough to firmware that they can still patch most bugs and vulnerabilities. If something's wrong with the chip itself, there's no such easy fix. Weston adds that Microsoft's Red Team has been hard at work trying to find Pluton's flaws. "They would love to have broken this in a way that would have made us rethink things," he says.

 

 

Microsoft Is Making a Secure PC Chip—With Intel and AMD's Help

 

[mp68terr]

Root of trust for win/m$oft with an updatable firmware. Let's see how much trust people will put in it (maybe they won't have the choice) and let's see what hackers will do with that.

[steven36]

21 minutes ago, mp68terr said:

Root of trust for win/m$oft with an updatable firmware. Let's see how much trust people will put in it (maybe they won't have the choice) and let's see what hackers will do with that.

Intel mes  little bother  it will just give hackers another backdoor  lucky for us they   plenty of old hardware  that  dont have this crap that run Linux just fine. They never been no side Channel  Attack  that been patched  by Intel  and AMD in the wild no way . They use this Tech in XBOX and UWP  in Windows 10 so people can't pirate  games and apps  so maybe they will use it so people can't pirate apps in Windows 10 system 32 and  all pirates will move to Linux  and  Android.  💀

 

Microsoft said Pluton made its first appearance in the Xbox One back in 2013 to make it far more difficult to hack the console or allow gamers to run pirated games. The chip later graduated to Microsoft’s cloud service Azure Sphere, used to secure low-cost Internet of Things devices.

The idea now is to bring that same technology, with some improvements, to new Windows 10 devices.

 

Source:

https://techcrunch.com/2020/11/17/microsoft-pluton-security-chip-intel-amd-qualcomm/

 

Sounds like  a Anti Piracy  move to me.

 

[steven36]

Pluton is  in Azure Sphere 

Old report about it here

https://hackaday.com/2018/04/25/microsoft-secures-iot-from-the-microcontroller-up/

 

Microsoft challenges hackers to crack its custom version of Linux

https://www.techradar.com/news/microsoft-challenges-hackers-to-crack-its-custom-version-of-linux

 

 

Last month  Azure Sphere was in  Cisco Talos  spotlight they reported they found 16 vulnerabilities in Azure Sphere they cracked it.

https://blog.talosintelligence.com/2020/10/Azure-Sphere-Challenge.html

 

CODEX claims they even cracked UWP 

https://www.neowin.net/news/codex-claims-to-have-cracked-microsofts-uwp-protections-and-drm/

 

They can't even keep Windows secure, so why would we trust them to keep  our hardware secure?   Cult of the Dead Cow had to pwn  them so many times to  get them to start fixing   Windows bugs  back in the 90s. Even when  they patch security bugs  sites fill  up with complaints about  not being able to install  the updates or regressions  .  I would not trust them no further than i can trow them .