The Microsoft Pluton is a security processor, pioneered in Xbox and Azure Sphere, designed to store sensitive data, like encryption keys, securely within the Pluton hardware, which is integrated into the die of a device’s CPU and is therefore more difficult for attackers to access, even if they have physical possession of a device. This design helps ensure that emerging attack techniques cannot access key material.
In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., Microsoft announced its Microsoft Pluton security processor. This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs.
Vision for the future of Windows PCs is security at the very core, built into the CPU, where hardware and software are tightly integrated in a unified approach designed to eliminate entire vectors of attack. This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs.
The aim of Secured-core PCs is that it offers advanced identity, OS, and hardware protection.
The Pluton security processor’s firmware will be updateable through Windows Update along with standard industry controls. This tightly integrated hardware and software helps protect against security vulnerabilities by adding additional visibility and control, and provides a platform for innovation that allows customers to benefit from new features in future releases of Windows that leverage the Pluton hardware and, with this design, are adaptable to changes in the threat landscape.
AMD Security Processor and Pluton are designed to co-exist on AMD client silicon to ensure constant communication, which helps to eliminate an attack vector that physical attackers could exploit.
Pluton can be configured in three ways: as the Trusted Platform Module(TPM); as a security processor used for non-TPM scenarios like platform resiliency; or OEMs can choose to ship with Pluton turned off.