What Is Microsoft Pluton Security Processor

What Is Microsoft Pluton Security Processor and How Is It Different from TPM?

If you have been keeping up with new developments in the PC world, you might have heard the term “Pluton” in the recent past. If you have been wondering what Microsoft Pluton is all about, what changes it brings, and how it differs from TPM, you have arrived at the right place. In this guide, we have detailed everything you need to know about Microsoft’s Pluton security chip for Windows PCs.

Microsoft Pluton Security Chip: Everything You Need to Know (2022)

What is the Microsoft Pluton Processor?

Pluton is a new security processor built by Microsoft in collaboration with renowned chipmakers AMD, Intel, and Qualcomm. Originally developed for Xbox and Azure Sphere, Pluton is now making its way to Windows PCs. Microsoft first announced Pluton for Windows PCs in November of 2020 and revealed more availability details at CES 2022. This processor intends to bring enhanced security and timely updates to Windows PCs in the near future.

Microsoft says Pluton can be configured as the Trusted Platform Module, as a security processor used for non-TPM scenarios like platform resiliency, or OEMs can choose to turn off Pluton.

How Does Microsoft Pluton Work?

Unlike a separate trusted platform module that interacts with the CPU, Pluton is built right into the CPU to help prevent attacks and theft of credential and encryption keys. This way, attack methods (including the ones executed with physical possession of the device) that primarily focus on hijacking the bus interface between the CPU and security processor can be eliminated. “This design helps ensure that emerging attack techniques cannot access key material,” added Microsoft.

Image courtesy: Microsoft

“This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs,” says David Weston, Director of Enterprise and OS Security at Microsoft, in an official blog post.

Benefits of Microsoft Pluton Processor

  • Physical Attack Prevention

According to Microsoft, attackers won’t get access to sensitive data, including credentials, user identities, encryption keys, and personal data, if they have installed malware or have physical access to PCs with Pluton. This new security processor also uses Secure Hardware Cryptography Key (SHACK) technology to effectively isolate keys even from Pluton’s firmware.

  • Security Updates from the Cloud

Another benefit to the Pluton chip is effective firmware updates, thanks to Windows Update integration. With this approach, Microsoft can directly deliver firmware updates to users without having to rely on its OEM partners. This should help the company roll out important security patches to critical bugs on a large scale.

Microsoft Pluton vs TPM: How Do They Differ?

As you might recall from our TPM explainer, TPM is traditionally a separate hardware chip that is responsible for storing sensitive data on Windows PCs. One key difference between a typical TPM module and Pluton is that the latter is built right into the CPU. Hence, you get the same hardware-level TPM features on Pluton-powered devices. As we mentioned earlier, this approach will reduce the chances of physical attacks.

Coming to functionality, Pluton works with existing TPM specifications and APIs. As a result, you can use existing TPM-powered features such as BitLocker and System Guard on Windows PCs with the Pluton chip. In a nutshell, Pluton is practically the next step to TPM. It incorporates TPM features while adding better update support and making the PCs immune to physical attacks. It is also considered to be better than firmware TPMs like Intel Platform Trust Technology (PTT) and AMD’s fTPM.

Will Pluton End Piracy on Windows PCs?

Ever since Microsoft announced Pluton in November 2020, users have been concerned about the potential DRM restrictions Pluton could bring. That’s because Pluton is what made it harder to pirate games on Xbox consoles. For PCs, Microsoft says its primary goal with Pluton is to ensure security, but the option to enforce DRM isn’t off the table either.

“This is about security, it’s not about DRM,” further explains Weston. “The reality is we’ll create an API where people can leverage it. It’s definitely possible for folks to use that for protection of content, but this is really about mainstream security and protecting identity and encryption keys,” he told The Verge.

Since consumer-grade PCs too will come with the Pluton chip (more on this below), it won’t be surprising to see PC game developers utilize the Pluton chip. They would use it to lock down their games and pose a threat to pirated gaming and modding space in a few years.

That said, Microsoft says that OEMs will have the option to turn off Pluton. So, we will have to see if OEMs choose to turn off Pluton in consumer PCs or simply configure it as a TPM replacement to enable the various security features in Windows 11 PCs. Given the security benefits, it’s unlikely for OEMs to disable Pluton completely, and it’s unclear whether it would be possible to disable Pluton manually from the consumer’s end.

Microsoft Pluton: When Will Devices with this Chip Launch?

As Microsoft revealed at CES 2022, Lenovo is the first PC maker to launch Pluton-powered PCs. The Lenovo ThinkPad Z13 and Z16 are the first laptops to feature AMD’s Ryzen 6000 series chips under the hood. That said, all Ryzen 6000 series processors will feature the Pluton chip. The chipmaker announced that we will see over 200 new laptops from OEMs partners like Dell, Razer, HP, and others in the coming weeks. So, stay tuned for a flood of Windows 11 laptops with the Pluton security chip.

ThinkPad Z16

Making the announcement a month before AMD, Qualcomm has also promised to use Pluton in its Snapdragon 8cx Gen 3 chips. However, we are uncertain when devices powered by this Qualcomm chip will arrive in the market. AMD will certainly beat the mobile chipmaker to the punch. Intel is also on board and will support Microsoft Pluton, but we will have to wait to see Intel chips featuring Pluton.

Moreover, if you are wondering whether we will see new desktop CPUs with the Pluton chip, the answer is a resounding yes. Microsoft has confirmed that Pluton CPUs for desktops, along with 2-in-1s and other Windows 11 personal computing form factors, will be available in the near future.

Microsoft Pluton Security Chip Explained

Pluton is Microsoft’s industry-wide effort to improve the security of Windows PCs. While we will have to wait to find if Pluton causes DRM troubles, it should reduce security issues on Windows machines. So, what do you think of the Microsoft Pluton processor? So don’t forget to share your thoughts with us in the comments.

4 Comments

  1. Don’t understand what Microsoft wants to achieve by this.
    Intel and AMD both have firmware TPM for quite a while now, namely PTT (Platform Trust Technology) and fTPM respectively. They are embedded in the chipset and doesn’t require any extra chip of the bygone era.

Leave a Reply