(Image courtesy of Fritzchens Fritz).
47049389521 514bf488de K

Intel and AMD to Add Secure Pluton Technology to Future CPUs

Dec. 4, 2020
Intel, AMD, and Qualcomm plan to incorporate an ultra-secure chip designed by Microsoft into future CPUs, in an effort to toughen up the security in every Windows PC of the future.

Microsoft said that it has developed a highly secure chip that Intel, AMD and Qualcomm plan to integrate in future central processing units used in laptops and other personal computers.

Microsoft said the Pluton security processor would bring more advanced protection to PCs using its flagship Windows operating system. Designed by Microsoft, the chip would be used to lock up secret information, including passwords, in a secure vault in the CPU itself, instead of on a separate component on the PCB. Microsoft said the Pluton chip would help stymie all sorts of attacks on the hardware and prevent the theft of secret keys used in cryptography.

The company is partnering with Intel, AMD, and Qualcomm to add Pluton as part of a system on a chip, where all the components of the personal computer, including the CPU, are housed on the same die. It is unclear when the integrated Pluton chips could hit the market. But Intel reportedly said that its chips would be ready to roll out to manufacturers in a couple of years.

Microsoft said that the Pluton chip would be integrated as a secure subsystem inside the SoC, adding another layer of protection on top of the internal defenses designed by Intel, AMD, and Qualcomm. The chip establishes a protected area that is physically secluded from the CPU, acting as a vault in charge of protecting secret keys and other information in the PC. That would help impede hackers trying to intercept information and steal it from the device.

"We believe that processors with built-in security like Pluton are the future of computing hardware," David Weston, who currently leads operating system security at Microsoft, said in a blog detailing the announcement. "With Pluton, our vision is to provide a more secure foundation for the intelligent edge and the intelligent cloud by adding this level of built-in trust to devices, and things everywhere."

Pluton incorporates a full stack of security technology akin to the trusted platform module, or TPM, used in personal computers today to store passwords and other secrets. TPM chips are tiny components that are segregated from the CPU to safeguard encryption keys and handle other chores in the PC. The TPM acts as the "root of trust" of the device, guaranteeing that the PC's combination of hardware and software has not been maliciously altered by hackers.

Today, software alone cannot address all the vulnerabilities present in insecure hardware. But hardware-based protections can represent the front line of defense for device security.

The TPM chip serves as the strongbox of the computer. But it is not completely unassailable. Hackers have started to target the "interface bus" that connects the TPM to the CPU in the PC, intercepting secret keys and other information that leaks out of the internal connector. Once hackers have physical possession of the PC, they can breach the interface and loot sensitive information from the TPM or launch digital and physical assaults on the device.

Microsoft said the Pluton chip directly addresses such threats. By bringing the TPM and CPU together, Microsoft said that the hackers would be unable to use the interface to invade the device and steal the encryption keys, credentials, and identities. The interface is no longer there. According to Microsoft, none of the information can be removed from the Pluton module, even if the hackers have unfettered physical access to the internal hardware.

Even though it's tightly integrated with the CPU, Microsoft said Pluton runs separately so that the cryptography keys are isolated from the central processor in the PC. Microsoft said it also supports the Secure Hardware Cryptography Key (SHACK) technology, which guarantees that the secret keys kept in Pluton are never exposed outside of the protected hardware.

One of the other problems solved by Pluton is in updating system firmware and patching for bugs and other potential vulnerabilities. Weston said it would roll out fixes for the firmware in Pluton as part of the regular updates it sends out to the vast population of computers that use its Windows operating system. "Today, customers receive updates to their security firmware from a variety of different sources than can be difficult to manage," he said.

Microsoft has been developing chips that resist both hardware and software hacks for the last decade. The company said Pluton was pioneered as part of the integrated hardware and OS security in its Xbox One console released in 2013. The chip, which it worked on with AMD, prevents hackers from messing with the hardware, even when they can take the device apart.

The company rolled out Pluton as part of its Internet of Things solution Azure Sphere in 2018, which includes a secure operating system used in space-constrained devices called Azure Sphere OS and a service for securely updating their firmware over the cloud. Microsoft has partnered with other vendors to add the Pluton chip to energy-efficient MCUs for IoT devices.

By partnering with Intel and AMD—the No.1 and No.2 vendors of personal computer chips—Microsoft is trying to add tougher protections to every Windows-based PC of the future. "Our vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a highly unified approach," the company said.

Microsoft said the Pluton chip would be used to supplement, rather than replace, the internal protections and firmware in chips made by Intel, AMD, and Qualcomm. No security protocol is ever completely impregnable. But the Pluton chip could strengthen the default amount of protection in PCs, despite the diverse range of manufacturers that work with Windows.

"AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC," Jason Thomas, head of product security at AMD, said in a statement. "We design and build products with security in mind and bringing Microsoft's Pluton technology to the chip level will enhance the already strong security capabilities of our CPUs."

Qualcomm is also rolling out chips based on blueprints from Arm Holdings for PCs. "We believe an on-die, hardware-based root-of-trust like the Microsoft Pluton is an important component in securing multiple use cases and the devices enabling them," Asaf Shen, a senior director of product management at Qualcomm Technologies, said in a statement.

Sponsored Recommendations


To join the conversation, and become an exclusive member of Electronic Design, create an account today!