There is no hardware that is 100% attack-proof, but it is possible to create barriers and containment methods to prevent the misuse of vulnerabilities potentially present on a system, even if they are still unknown or there is not yet a zero day to exploit them. With this objective in mind, Microsoft has announced Pluton, a security chip that curiously has its roots in the company’s experience as a manufacturer of game consoles.
According to Microsoft, Pluton has been designed in collaboration with Intel, AMD and Qualcomm with the intention of integrating it into future personal computers, concentrating security functions on the hardware itself. Pluton is a step beyond the current TPM module and works, at least in appearance, analogous to Apple’s T2 chip, although integrated as a chipset along with/into the CPU instead of as a stand-alone element.
According to the description, the chip will function as a root-of-trust for the hardware, preventing attacks based on hardware implants and firmwares modified for malicious purposes. In this way, situations such as the panic caused by Meltdown and Spectre could be avoided, or at least made more difficult to repeat. It would also be much more difficult to attack a system even if you had physical access to it.
An interesting fact is that, unlike Apple’s T2 chip, Pluton’s firmware will be upgradeable. Microsoft is committed to publishing revisions of its internal software through Windows Update, which in theory should result in greater security, but it can also raise doubts about update support, since it is not clear whether it will depend on the age of Windows, the revision of the chip or none of these factors. It also means an extra responsibility for Microsoft, which will have to ensure both that it is correctly maintained and that it meets the high expectations it has set itself.
Finally, it should also be noted that Pluto is not a radical new feature. Microsoft indicates that the first version was integrated into the Xbox One console to make it more difficult to use unauthorized copies, and since then it has been perfecting its base. It can now also be found in Azure Sphere, a hardware and software solution designed to protect devices from the Internet of Things.
For now, Microsoft has not revealed when the first computers protected by Pluton will appear, limiting itself to saying that it will soon publish more details.