It’s been a while coming, but it looks like PCs with Microsoft’s Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least.
Pluton was first announced in 2020 and is rooted in anti-piracy protection developed for Microsoft’s Xbox console some years previously as well as work done for Azure Sphere. The shipping incarnation can be configured three ways, according to Microsoft. As the Trusted Platform Module (TPM), as a security processor for non-TPM scenarios (Microsoft cites platform resiliency) or just turned off by an OEM.
Going beyond TPM, Microsoft suggested scenarios for the tech to provide greater visibility into the state of the platform with signals being reported back to Intune and Azure Attestation Service in the future.
TPM has been a thing for a while (and is infamously one of Windows 11’s list of a hardware requirements). It’ll perform tasks such as verifying the integrity of the OS but is separate from the CPU design. Popping the root-of-trust directly on the same silicon as the processor means that attack vectors such as sniffing the bus between CPU and TPM are mitigated. The promise of attestation service support in the future will also appeal to administrators tasked with doling out access.
Microsoft has also stated that the Pluton hardware will be updateable through Windows Update and it “provides a platform for innovation that allows customers to benefit from new features in future releases of Windows that leverage the Pluton hardware.” Assuming, of course, you have a shiny new CPU replete with the tech. Microsoft has, after all, a bit of a reputation these days for abruptly yanking support for older CPUs in the name of security and reliability.
Intel, Qualcomm, and AMD were signed up in 2020, but it is AMD that is first out of the gate with the tech in its Ryzen 6000 series processors, announced at CES yesterday. Similarly, Lenovo unveiled its AMD-powered ThinkPad Z13 and Z16 laptops with the tech (due to ship in May).
AMD will have to share the thunder before long. In December Qualcomm said it would include Pluton via an implementation in the Qualcomm Secure Processing Unit (SPU) for managed systems in the enterprise or education segments. Part of the Snapdragon 8cx Gen 3 SoC, the first laptops using the chip should turn up during 2022. ®