Today, Microsoft announced Pluton, its new security chip for Windows 10 PCs. It's meant to provide hardware and software integration that we've already seen in the Xbox One and Azure Sphere, but now it will be on upcoming computers. Yes, this is a hardware-based solution, so you'll absolutely need a new PC to get it.
Right now, hardware-based security comes from the Trusted Platform Module (TPM), which is separate from the CPU. The problem with this method is that while the TPM is effective, attackers can target the channel between the TPM and the CPU. That's the weak point.
That's one thing that's being solved by Pluton. The Pluton security chip will be built directly into the CPU, and Microsoft said that it's working with Intel, AMD, and Qualcomm on this. In fact, AMD said it will be the first to use it.
"At AMD, security is our top priority and we are proud to have been at the forefront of hardware security platform design to support features that help safeguard users from the most sophisticated attacks," said Jason Thomas, head of product security at AMD. "As a part of that vigilance, AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC. We design and build our products with security in mind and bringing Microsoft’s Pluton technology to the chip level will enhance the already strong security capabilities of our processors."
Pluton will work with things that currently require a TPM, such as BitLocker and System Guard. Microsoft also says that the information held in the Pluton chip can't be removed from it by way of malware or anything else.
Another thing that's kind of a big deal is that firmware updates are going to come directly from Microsoft. Right now, your firmware updates can come from a variety of places. They could come from Windows Update or from an OEM tool: Lenovo has its Vantage app, HP has Support Assistant, Dell has SupportAssist, and there are more. This is hard to manage, and Microsoft says that Pluton for Windows PCs will be "integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices."
Microsoft didn't say exactly when we're going to see PCs shipping with CPUs that have Pluton, but it's probably going to be a little while. After all, if AMD is going to be the first, we'll have to wait at least for Ryzen 5000 mobile processors.