What is Microsoft’s Pluto Security Chip?


Microsoft’s latest operating system, Windows 11, uses a processor architecture that forces the processor to interact with a separate Trusted Platform Module (TPM). This hardware module hosts sensitive data such as encryption keys and critical system information. However, as cybersecurity threats become more advanced, TPM security is tested to its limits.

To provide better security, Microsoft has introduced a security platform called Microsoft Pluto which aims to revolutionize computer security by storing sensitive data in the chip itself. But what is Microsoft Pluto and how does it work?

What is Microsoft Pluto Security Chip?

Originally created for Xbox and Azure Sphere, Microsoft Pluto is a revolutionary security processor designed by Microsoft in collaboration with chip developers Intel, AMD and Qualcomm. Pluto was first announced for Windows in 2020. But it wasn’t until CES 2022 that Microsoft revealed more details about it and what it aims to bring to security.

According to the company, the processor aims to provide better system security and speed up system updates on new Windows computers. Microsoft also said this processor could also be configured as a TPM or as a security processor used for non-TPM scenarios such as platform resiliency, and manufacturers have the option to disable it.


Related: How to Check Your TPM Version Before Upgrading to Windows 11

How does Microsoft Pluto work?

close up of a flea

The idea behind Microsoft Pluto comes from the existing processor architecture used in many modern computers – TPM. So, before understanding how Microsoft Pluto works, you need to know how TPM works.

A Trusted Platform Module is a cryptoprocessor that secures your computer with an embedded cryptographic key. It is basically a security alarm that prevents hackers and malware from accessing sensitive information on your system. This enables your Windows system to provide security features such as BitLocker disk encryption and better protection of the biometric data you use with your Windows Hello.

This processor architecture was a great start for cybersecurity. However, a white hat attack found vulnerabilities in the system. They found a target: the communication lines between the CPU and the TPM hardware chip typically found on the motherboard. But TPM attacks are not easy to orchestrate and require significant technical skills and direct access to the device itself. So even though it is a hard target, the vulnerability still exists.

Related: How to Fix Trusted Module Platform (TPM) Error in Windows 10

Pluto addresses this security vulnerability by bridging the gap between the TPM and the CPU, removing any need for external communication that can be easily intercepted by malicious actors. Basically, Pluto and its TPM-like functionality is built into the CPU itself. This makes it difficult to extract sensitive information even if hackers can physically access the device.

So, from inside the processor, Pluto can emulate a TPM through Microsoft’s existing application programming interfaces (APIs) and specifications. This is the most efficient way to integrate Pluto because many of the hooks it needs to work already exist.

In addition to replacing the TPM, the Pluto processor can also function as a fail-safe processor for system resiliency scenarios that do not require a TPM. At the same time, manufacturers planning to distribute Windows hardware may choose to ship computers with Pluto disabled, which is no surprise given the flexibility Windows provides. But it is something to be aware of if you want to buy a Pluto compatible computer.

In a nutshell, Microsoft Pluto Processor is an evolved version of TPM embedded in the CPU. Pluto comes with the same features as a TPM chip, such as BitLocker Encryption and Windows Hello.

Benefits of the Microsoft Pluto Security Processor

chip vector with black background

TPM attacks can be highly unlikely, but attackers are getting more creative. This means that they won’t stop exploiting any vulnerabilities they can see, intercepting all the critical information they need to invade your system. Although individual users are not subject to these attacks, it can still be terrifying, especially if you are working with confidential information.

So, if you are thinking of upgrading to this security module, here are some benefits of this security processor that you should know about.

Prevention of physical attacks

Since Pluto is integrated into your processor, sensitive data such as user identities, personal data, encryption keys, and credentials are more securely protected. This means that attackers will not access it even if they have installed malware or have physical access to your device.

The chip also uses SHACK (Secure Hardware Cryptography Key) technology that allows it to isolate keys even from its own firmware, the low-level software the hardware needs to function.

Security updates from the cloud

Microsoft Pluto firmware will receive updates through Windows Update, as will most components of your Windows computer. This means that users will receive updates directly from Microsoft and not have to rely on its hardware manufacturing partners.

At the same time, new Pluto features will also be rolled out to older devices, and any emerging threats can be mitigated through regular patches. Since it’s integrated with Windows Update, Pluto is now part of Microsoft’s “chip-to-cloud” security solution.

When will Microsoft Pluto processors be launched?

AMD processor

In 2020, Qualcomm became the first manufacturer to announce support for Microsoft Pluto. However, AMD’s new laptop processors, the AMD Ryzen 6000 series, are the first Pluto-integrated processors available to the public.

According to AMD, users can expect more than 200 laptops to roll out in 2022 with Ryzen 6000 processors from major manufacturers like HP, Dell, and Asus. Other manufacturers have already released laptops using Ryzen 6000 processors, such as the 16-inch Lenovo Legion 5.

If you like desktop computers, don’t worry. Pluto will also get there. Microsoft said Pluto processors will be available for desktops and other Windows devices in the future. AMD plans to launch Ryzen 7000 processors in the second half of 2022. However, the company declined to provide information on whether these desktop processors will have Pluto or not.

Secure and protected Windows experience

Microsoft Pluto promises enhanced security for your Windows system, making it difficult for malicious actors to access sensitive information on your system. While it’s not foolproof protection against hackers, it’s a step towards better cybersecurity. As long as it does not limit us to the programs that we want to run on our system, Pluto will always be a great addition to the Windows ecosystem.

IT security
5 Easy Ways to Secure Your Computer in Under 5 Minutes

Short on time ? Anyone can be a target of malware, viruses, and hackers, so keep your device safe with these quick tips.

Read more

About the Author


Comments are closed.