TPM replacement

Windows 11 devices with Microsoft Pluton security chip are coming in 2022

Microsoft brings its Pluton security silicon to AMD processors, and they'll be available on Lenovo laptops this spring.

Microsoft Pluton / source: Microsoft
  • AMD announces Ryzen 6000 Series CPUs with Microsoft Pluton chip integration.
  • The new security chip will first be available on the Lenovo ThinkPad Z series laptops.

Microsoft has partnered with AMD to integrate its Pluton processor into the latest Ryzen 6000 Series processors. Lenovo will be the first computer maker to bring this technology to market, on the new ThinkPad Z series laptops running Windows 11.

Pluton is a security chip that Microsoft introduced back in 2020 to improve device security, building on the security already available on Xbox and Azure Sphere devices. However, it is not standalone silicon. Instead, it is integrated inside a processor (in this case, the Ryzen 6000 Series mobile processors) to replace the Trusted Platform Module (TPM).

The idea with Pluton is to tightly integrate hardware and software to eliminate new and future attacks, such as those we’ve seen with the Spectre and Meltdown hardware security flaws.

The Microsoft Pluton technology leverages the processor to store and protect personal data, encryption keys, user identity, and credentials isolated from the main system. In addition, the information held on the chip cannot be removed even if the attacker has installed malware or has complete physical access to the device. Furthermore, the architecture offers a Secure Hardware Cryptography Key (SHACK) technology to ensure that keys are never exposed outside of the protected hardware.

Also, the chip can emulate a TPM to work with the currently available Trusted Platform Module specifications and APIs so that the end-user can continue to use features like BitLocker and System Guard.

Perhaps the most important aspect of Pluton is that it can receive firmware updates directly from Windows Update to keep devices secure. This reduces patching fragmentation, which is a problem today because devices download updates from multiple sources.

In the official announcement, Microsoft also says that Pluton can be configured in three ways: as a TPM, as a non-TPM for platform resiliency, or disabled by the manufacturer.

While the software giant will continue to work with partners to expand its security processor, the AMD Ryzen 6000 series processors and devices like the Lenovo ThinkPad Z13 and Z16 will be the first to ship with this technology, and they are expected to go on sale in May 2022.