Microsoft Pluton Hardware Security Coming to Our CPUs: AMD Intel Qualcomm
One of the key tenets of having good security is reducing how attackable your system is. This is what we call an attack surface a system needs as few attack surfaces as possible, and as small as possible, to minimize any potential unwarranted intrusion. Beyond that, any additional security to detect and protect is vital. Both hardware and software can be used for that layer of additional security
, and it becomes particularly important when dealing with virtualization, especially when it comes to virtual and physical attacks. In order to create a more unified system, Microsofts Pluton Security Processor, which works with Windows, is coming to the three major hardware vendors that implement the OS: AMD, Intel, and Qualcomm. What makes this different is that this is a physical in-hardware implementation that will be built directly into the future processors from each of the three companies.
Pioneered in both Xbox consoles and Microsofts Azure Sphere ecosystem, the Pluton Security Processor enables a full-stack chip-to-cloud security akin to a Trusted Platform Module (TPM). The TPM has been a backbone of server security over the last decade or more, providing a physical store for security keys and other metadata that verifies the integrity of a system. In the mobile space, a built-in TPM allows for other security verification, such as Windows Hello or Bitlocker.
Over time, according to Microsoft, a physical TPM module in these systems have become a weak point in modern security design. Specifically, gaining physical access to the system makes the TPM useless allowing for in-transit data hijacks or man-in-the-middle data pruning. Because a TPM is an optional addition to most server environments, that physical module-to-CPU data pathway becomes an important attack surface.
What the Pluton project from Microsoft and the agreement between AMD, Intel, and Qualcomm will do is build a TPM-equivalent directly into the silicon of every Windows-based PC of the future. The Pluton architecture will, initially, build an emulated TPM to work with existing specifications for access to the current suites of security protocols in place. Because Pluton will be in-silicon, it severely reduces the physical attack surface of any Pluton-enabled device.
The Pluton architecture seems to also allow for a superset of TPM features, perhaps to be enabled in the future. Microsoft highlights both the unique Secure HArdware Cryptography Key (SHACK) technology such that security keys are never exposed outside of the hardware environment, as well as community engagement such as what has been done through Project Cerberus, part of the Open Compute Project to enable root-of-trust and firmware authentication. We are told this is particularly important as it pertains to wide-spread patching issues.
All of the silicon vendors involved will have Pluton as the first layer of security additional layers (such as AMDs PSP) will go below this. From the three vendors, AMD has worked with Microsoft already on Pluton for consoles, so it should not be a big step to see Pluton in AMD consumer and enterprise silicon sooner rather than later, along with AMDs other technologies such as Secure Encryption Virtualization. Intel stated that its long-term relationship with Microsoft should lead to a smooth Pluton integration, however the company declined to comment on a potential timeline. Qualcomm is the odd-one-out in a sense, as its cycles are a little different, but the company is quoted as stated that on-die hardware root-of-trust security is an important component of the whole silicon.
A number of parallels are being drawn between Pluton and Apples T2 security chip, which was moved inside the recently announced M1 processor.
Sources
Microsoft Announcement
Intel Announcement
AMD Announcement
Author: Dr. Ian Cutress
Date: 2020-11-23
anandtech.com
AMD EPYC Rome in (Deep) Mini-ITX? ASRock Rack’s New ROMED4ID-2T (2020-11-26) | ASRock Rack has unveiled its latest small form factor motherboard designed for AMDs EYPC processors the ROMED4ID-2T It is based on a new proprietary form factor similar to Mini-ITXaffectionally colloquialized as Deep Mini-ITX which is slightly larger than standard mini-ITX The board supports for EPYC Rome 7002 processors up to 64 cores Being able to amalgamate up to 64 cores with a mini-ITX mother.. |
The 2020 Mac Mini Unleashed: Putting Apple Silicon M1 To The Test (2020-11-17) | Last week Apple made industry news by announcing new Mac products based upon the companys new Apple Silicon M1 SoC chip marking the first move of a planned 2-year roadmap to transition over from Intel-based x86 CPUs to the companys own in-house designed microprocessors running on the Arm instruction set Since a few days weve been able to get our hands on one of the first Apple Silicon M1 devices: .. |
Intel: DG1 GPU Now Shipping, Xe-HPG DG2 GPU In Labs (2020-10-22) | Alongside todays profitable-but-uneasy earnings report from Intel the companys earnings presentation also offered a short update on the status of their discrete GPUs As of today Intels DG1 GPU is now shipping Meanwhile the company announced their next GPU appropriately named DG2 which is based on their upcoming Xe-HPG architecture This GPU is now back from the fab and is in Intels lab and is now f.. |
ASRock First For B450 Ryzen 5000 Support: Beta BIOSes Now Available (2020-11-19) | One of the big unknowns for the newest AMD Ryzen 5000 processors is whether or not there will be support on all 400 series chipset-based motherboards After initially saying that these motherboards would not be supported AMD reversed course and said it would work with motherboard vendors to enable support At the point when the processors were launched AMD confirmed that the schedule for the first b.. |
Best AMD Motherboards: December 2020 (2020-12-04) | Its no surprise to see AMD doing very well at present and the new Ryzen 5000 series of processors have been a big hitThe Zen 3 based chips includea newly designed core with greatperformance in both single and multi-threaded applications The majority of the big motherboard vendors announced a rollout of new firmware designed to support the new processors on X570 and B550 chipsets with 400-series ch.. |
Best SSDs: November 2020 (2020-11-24) | A solid state drive is often the most important component for making a PC feel fast and responsive; any PC still using a mechanical hard drive as its primary storage is long overdue for an upgrade The SSD market is broader than ever with a wide range prices performance and form factors During the holiday season the best sales tend to temporarily disrupt the usual market positioning of some drives;.. |
Apple Intros First Three ‘Apple Silicon’ Macs: Late 2020 MacBook Air, 13-Inch MacBook Pro, & Mac Mini (2020-11-10) | As previously announced by Apple this summer the company is embarking on a major transition within its Mac product lineup After almost a decade and a half of relying on Intels x86 processors to serve at the heart of every Mac the company is going to be shifting to relying on its own in-house designed Arm processors to power their now un-PC computers At the time Apple set the start of the transitio.. |
Investigating Performance of Multi-Threading on Zen 3 and AMD Ryzen 5000 (2020-12-03) | One of the stories around AMDs initial generations of Zen processors was the effect of Simultaneous Multi-Threading SMT on performance By running with this mode enabled as is default in most situations users saw significant performance rises in situations that could take advantage The reasons for this performance increase rely on two competing factors: first why is the core designed to be so under.. |
Micron Announces 176-layer 3D NAND (2020-11-09) | Just in time for Flash Memory Summit Micron is announcing their fifth generation of 3D NAND flash memory with a record-breaking 176 layers The new 176L flash is their second generation developed since the dissolution of Microns memory collaboration with Intel after which Micron switched from a floating-gate memory cell design to a charge-trap cell Microns previous generation 3D NAND was a 128-laye.. |
QLC Goes To 8TB: Samsung 870 QVO and Sabrent Rocket Q 8TB SSDs Reviewed (2020-12-04) | Flash memory prices have been on a downward trajectory for years A decade ago this trend was helping SSDs establish a foothold in the consumer marketlargely for enthusiasts Now SSDs have taken over as the default storage medium for consumer PCs and further advances in flash memory are no longer pushing consumer SSDs into new product segments Instead cheaper flash is driving an increase in SSD capa.. |