What are the concerns about the new 'Microsoft Pluton' chip jointly developed by Microsoft and AMD?



In 2020, Microsoft announced 'Microsoft Pluton', a new security chip for protecting PCs. The design originated in the Xbox One and Azure Sphere, is slated to be built into Windows PCs in the future, and already ships in AMD's Ryzen 6000 mobile CPUs, which were developed jointly with Microsoft. However, even two years after the announcement there is little clear information about what kind of chip it actually is, and the rumors about it contradict each other, so software developer Gabriel Sieben has summarized what is known.

The dangers of Microsoft Pluton – Gabriel Sieben

https://gabrielsieben.tech/2022/07/25/the-power-of-microsoft-pluton-2/



Microsoft Pluton is a security chip announced in November 2020. In many PCs the core security functions are provided by a discrete TPM (Trusted Platform Module), but because the TPM is a separate chip from the CPU, an attacker with physical access can tap the bus between the CPU and the TPM and read the keys or measurements passing over it, and a discrete TPM cannot prevent this. For this reason, Pluton is designed to be built directly into the CPU or SoC.

Microsoft announces new security chip 'Microsoft Pluton' to protect Windows PCs --GIGAZINE



Microsoft's aim is to gain more control over PC security. For example, Windows 11 requires TPM 2.0, an 8th-generation or later CPU, and Secure Boot. According to Sieben, this is a way of getting users accustomed to 'Pluton-like' requirements before Pluton itself is in use, and it would not be surprising if 'Pluton installed' were added to the hardware requirements of Windows 12.

What is the 'TPM' that Microsoft requires in Windows 11? Why is it essential? --GIGAZINE



According to Sieben, the likely effects once Pluton is in use are as follows.

1: With Pluton enabled, you will not be able to install Linux unless the Microsoft third-party UEFI CA certificate is enabled in the UEFI firmware settings.
2: Pluton will be integrated with Windows Update, at least for system firmware, enabling some forms of firmware and driver updates while potentially preventing downgrades.
3: SHACK (Secure Hardware Cryptography Key) keeps private keys inside the hardware so that material can be encrypted and decrypted without the keys ever being exposed to firmware or software, which could make for very strong BitLocker protection, or equally strong DRM.

Furthermore, by combining DICE (Device Identifier Composition Engine) with RIoT (Robust Internet of Things), SMM (System Management Mode), and DRTM (Dynamic Root of Trust for Measurement), Sieben says it may become possible for a remote party to verify things such as 'whether the device is running Windows', 'whether the device is up to date or was recently updated', and 'whether Secure Boot has been disabled or modified on the device'. Microsoft presents Pluton as a means of 'preventing malware', but it is not merely a firmware security device: it could, for example, make it easy to prevent cheating in games.
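To make concrete how that kind of remote verification works, here is an added illustration (not code from Sieben's post or from Microsoft) of the DICE layered derivation on which such attestation builds: a secret fixed in the silicon is combined, one-way, with the measurement of each piece of code that boots, so a device whose system firmware or Secure Boot state differs ends up with a different per-boot key and fails the verifier's check, while still being recognizable as the same physical device. The names, the constructed sample images, and the use of HMAC-derived symmetric keys in place of the asymmetric DeviceID/Alias key pairs and certificates of real DICE/RIoT are simplifications assumed for the example.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed sample inputs for the example; not real Pluton or Azure Sphere data.
UDS = bytes(range(32))                     # Unique Device Secret fixed in the silicon at manufacture
LAYER0_IMAGE = b"pluton-bootloader v1.0"   # first mutable code, measured by the DICE engine
LAYER1_GOOD = b"system firmware 2022.07 secure-boot=on"
LAYER1_TAMPERED = b"system firmware 2022.07 secure-boot=off"


def measure(image: bytes) -> bytes:
    """Measurement = hash of the next layer's code/config, as a PCR or DICE layer would record it."""
    return hashlib.sha256(image).digest()


def derive(secret: bytes, label: bytes, data: bytes = b"") -> bytes:
    """One-way derivation: the child secret reveals nothing about the parent secret."""
    return hmac.new(secret, label + data, hashlib.sha256).digest()


class Device:
    """Device side: the DICE chain is recomputed on every boot from the UDS and what actually loaded."""

    def __init__(self, uds: bytes, layer0_image: bytes, layer1_image: bytes):
        # CDI_0 (Compound Device Identifier) binds the device secret to the measured layer-0 code.
        self.cdi0 = derive(uds, b"CDI", measure(layer0_image))
        # The device identity depends on layer 0 only, so it is stable across system-firmware updates.
        self.device_id = derive(self.cdi0, b"DeviceID")
        # The alias key additionally binds the measurement of the system firmware that ran next.
        self.alias = derive(self.device_id, b"Alias", measure(layer1_image))

    def attest(self, nonce: bytes) -> bytes:
        """Prove possession of this boot's alias key by MAC-ing a verifier-chosen nonce."""
        return derive(self.alias, b"Attest", nonce)


class Verifier:
    """Service side: knows the enrolled device identity and the firmware measurement it expects."""

    def __init__(self, enrolled_device_id: bytes, expected_layer1_image: bytes):
        self.device_id = enrolled_device_id
        self.expected_alias = derive(self.device_id, b"Alias", measure(expected_layer1_image))

    def check(self, nonce: bytes, proof: bytes) -> bool:
        expected = derive(self.expected_alias, b"Attest", nonce)
        return hmac.compare_digest(expected, proof)


def run_demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine device passes, tampered device passes, both share one device identity)."""
    nonce = b"verifier-nonce-0001"
    genuine = Device(UDS, LAYER0_IMAGE, LAYER1_GOOD)
    tampered = Device(UDS, LAYER0_IMAGE, LAYER1_TAMPERED)  # same silicon, Secure Boot switched off
    verifier = Verifier(genuine.device_id, LAYER1_GOOD)    # enrolled once against the good firmware
    genuine_ok = verifier.check(nonce, genuine.attest(nonce))
    tampered_ok = verifier.check(nonce, tampered.attest(nonce))
    same_identity = genuine.device_id == tampered.device_id
    return genuine_ok, tampered_ok, same_identity


if __name__ == "__main__":
    print(run_demo())
```

The point a practitioner should take from this is the one behind Sieben's concern: the same derivation that lets a verifier reject a box with a modified firmware or disabled Secure Boot is, by design, usable by any service that holds the device's enrolled identity, whether that is Windows Update, an anti-cheat backend, or a DRM licence server. In real DICE/RIoT the verifier holds a DeviceID public key and validates an Alias certificate chain rather than a shared HMAC key, but the binding of identity to measured state is the same.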

Moreover, since DICE and RIoT are open standards, any attestation service could use Pluton for its own purposes. Sieben writes that 'the road to hell is paved with good intentions' and expresses concern that we may already be in a boiling-frog situation.

in Hardware, Posted by logc_nt