Microsoft Pluton / source: Microsoft
Security chip with update support

What is the Microsoft Pluton security processor

Microsoft introduces "Pluton," a new security chip that will be built into AMD, Intel, and ARM CPUs to offer state-of-the-art security with direct Windows Update integration.

Pluton is a processor that Microsoft has created to improve the security of devices running Windows 10. However, it’s not a standalone processor. Instead, Microsoft Pluton is a security chip that is expected to come built into future computer processors, and it’ll replace the Trusted Platform Module (TPM), which is currently available as a separate component to store keys and measurements used to verify system integrity.

Microsoft is partnering with AMD, Intel, and Qualcomm to integrate Pluton in future processors, and it’s based on the security already available on Xbox and Azure Sphere devices. The idea of this new chip is to tightly integrate hardware and software to eliminate new and future attack vectors, such as those we’ve seen with the Spectre and Meltdown hardware security flaws.

How Windows 10 devices will benefit from Pluton

Although the TPM chip offers a good level of security, it’s a physical component separate from the main system processor, and malicious individuals have been rapidly evolving and finding techniques to steal the data that flows over the link between the processor and the Trusted Platform Module, which is usually a bus interface. However, since the Pluton chip will be integrated into the processor itself, the hope is that this approach will make it very difficult to gain access to Windows devices.

According to the company, devices with Pluton will be able to leverage the processor to store and protect personal data, encryption keys, user identity, and credentials completely isolated from the main system. In addition, the company explains that the information stored on the chip cannot be removed “even if an attacker has installed malware or has complete physical possession of the PC.” Furthermore, the architecture offers a Secure Hardware Cryptography Key (SHACK) technology to make sure that keys are never exposed outside of the protected hardware, or the Pluton silicon.

Also, when using this solution, the security chip will first emulate a TPM that will work with the currently available Trusted Platform Module specifications and APIs, allowing “customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard.”

Pluton direct integration with Windows Update

Perhaps one of the most important aspects of Pluton is that Microsoft will continue to work with AMD, Intel, and Qualcomm to connect the security chip directly to the Windows Update service, so that updates can be delivered as needed to keep devices secure. This reduces patching fragmentation, which is currently a problem because devices can receive firmware updates from multiple sources.

It’s unclear when the first devices using a processor with the Pluton architecture will be available, but the most important processor makers in the industry are committing to bring this technology to customers and businesses. This technology won’t prevent users from building their own computers, and while Microsoft hasn’t said so clearly, support may even be available for Linux distributions, since the company is already using Pluton with its Azure Sphere solution, which is based on Linux.