First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year
In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.
Why Microsoft? (Score:2)
Why did it need Microsoft to create this? Moving TPM on to the CPU die to prevent bus sniffing doesn't seem like rocket science. Why wouldn't someone like AMD create their own, or just license from Infineon or similar? For that matter why didn't Microsoft do that instead of creating Pluton when they wanted to protect the xbox? Designing a security co-processor that needs to be integrated into a CPU doesn't seem like a typical Microsoft product. The article doesn't provide any background info, and not much o
Re: (Score:2)
Re: Why Microsoft? (Score:1)
No lol needed, it is a fact. Microsoft is part of the panopticon. Everything "security" related that they do is not for your benefit.
Re: (Score:2)
a) What is "mainstream" Linux?
b) In how far is it "no better"? Even the systemd abomination does not spy on you AFAIK.
Re: (Score:2)
No lol needed, it is a fact. Microsoft is part of the panopticon. Everything "security" related that they do is not for your benefit.
Pretty much. They want part of that cake that Google, Facebook, etc. are getting fat on and they will do any and all privacy violations they think they can get away with.
Re: (Score:2)
Why does it matter who created it? Why did it need Apple to create the "secure enclave"?
I didn't say it mattered, I asked a question because I'm interested in the background to this.
It isn't integrated into a CPU, it is separate and external to the CPU.
Wrong.
"The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU." -- Microsoft
"Finally, the Ryzen 6000 chips all include a Microsoft Pluton security processor" -- arstechnica
Clearly you know nothing on the subject, and certainly don't have any useful information to add, so I wonder why you wasted your time replying.
Re: (Score:2)
"Finally, the Ryzen 6000 chips all include a Microsoft Pluton security processor" -- arstechnica
Oh, crap. AMD will have to make very sure this can be reliably deactivated.
Re: (Score:2)
So now Microsoft will be able to run amok and brick the very CPU in my computer? That sounds like SUCH a good idea. Sigh.
Mmmmmm (Score:5, Informative)
forced firmware updates not under my control, I can't wait! /s
Re: (Score:3)
Especially since BIOS updates and such never go sideways [neowin.net].
Re: (Score:2)
These days failed BIOS updates are usually recoverable. Most decent motherboards have a feature that lets you update the BIOS from a USB drive, even without a CPU.
Advice: Do not buy. Spread the word. (Score:5, Insightful)
Any argument "it's optional" or whatever, no, not the point.
The point is that this sort of thing is an attempt of the vendor to grab and retain control over the device you bought after you bought it. In other words, the mere existence of the thing is an attack on your ownership.
And the most direct means is to demand hardware without any such ties. Starting with this.
Afterward, realise that iME and PSP are similarly rotten: The NSA won't buy it unless it comes with an off switch. So they get the off switch. You don't. Up to you to demand it too. Same with this. Tell your friends. Spread the word.
windows 11 or windows 10? (Score:1)
title says windows 11 - first sentence of the post says windows 10.
which is it?
Re: (Score:2)
There were/are goals for Win10 compatibility. So far, the first laptop with Pluton in it has been released, and runs Win 11. I don't think there's an incompatibility in the contexts as stated.
The end of file ownership on the PC... (Score:5, Informative)
... ahh the great dispossession of the unwashed.
They're killing the PC as an open platform, this has been going on for 23+ years in the gaming industry by killing off local exe's. They want to lock down the PC and turn it into a locked down consumer appliance with no file/program access eventually in the bid to kill piracy.
This is why Trusted Computing was born. See here:
https://www.cl.cam.ac.uk/~rja1... [cam.ac.uk]
Re: (Score:1)
How so?
The plan is to slowly lock down the PC with TPM, because microsoft and intel don't want hardware recalls they are moving us towards trusted computing. PC games multiplayer networking code being stolen out of the game started with ultima online in 97, lineage in 98 and everquest in 99. There's no reason for ANY game or application to require a second computer hundreds of miles away for its multiplayer or any other game or application to continue to function. This was the bid to use the internet a
Trust microsoft? (Score:2)
Is this an onion article or something or are we supposed to take it seriously? Using a TPM chip by Microsoft to secure your computer is like making a cat the head of birdcage security.
Re: (Score:1, Interesting)
Well... yes. You saw Xbox 1 and how it was completely pwnd. Xbox 360 depended on exotic hacks, such as rewriting the firmware of the dvd drive in order to compromise the system. Yet with the Xbox One there are absolutely zero hacks. You can't go onto pirate bay and torrent your favorite game anymore. So I would argue that Microsoft has taken security quite seriously. The fact that they are opening up this platform is great, because it means secure compute for the masses (your linux box wouldn't have secure
Re: (Score:1, Troll)
Pluton? (Score:2)
We'll have to wait and see... (Score:5, Insightful)
If you can't disable it and you can't revoke keys, then we have a problem.
Go figure (Score:3, Funny)
The plutoncrats want us to use Pluton.
and maybe windows store sorry gog and steam can't (Score:3)
and maybe windows store sorry gog and steam can't be in app store.
And games with user mods and maps just hope the editor can run in game exe
How "optional" is it? (Score:5, Interesting)
I wonder how "optional" this will be. TPM chips are useful, and until Windows 11, pretty much completely optional. It is just a cryptographic processor as part of the system. However, will Pluton be like the old Palladium/NGTCB and a part of the system, or essentially "TPM 3.0"?
If it is similar to Apple's T2 chip, that will be a mixed bag, because the T2 chip is an integral part of the boot process and requires Apple only SSDs to work.
I'm just hoping this is just a TPM chip on the die. If it allows for credential storage, volume encryption key storage, and other stuff like a TPM chip... but can just be completely set aside if need be, it may not be a bad thing, especially if Linux distributions can take advantage of it for startup protection.
Linux with NO nvidia driver as that needs 3rd par (Score:3)
Linux with NO nvidia driver as that needs 3rd party modules and may not work in Secure Boot mode.
Re: (Score:2)
TPM would be PCR measurement. For example, to have an initramfs that can decrypt volume if and only if the boot loader, kernel, and initramfs measurements passed (assuming it was sealed to all the PCRs). A tad orthogonal to SecureBoot, which merely has each chunk of code read and verify the public signature of the next part.
I have secureboot enabled with 3rd party modules, but I had to enroll my signing key to do so
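The PCR-sealing behaviour described in the comment above, as an added illustration that is not part of any poster's comment: a pure-Python simulation (no real TPM is touched) of measuring boot stages into PCRs and releasing a volume key only when the measurements match. The stage names, the PCR indices 4 and 9, and all helper names are assumptions made for this example.

```python
import hashlib

ZERO_PCR = bytes(32)  # a SHA-256 PCR starts at all zeros after reset

def extend(pcr, blob):
    """TPM extend: new = SHA256(old || SHA256(blob)); order-sensitive, no undo."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure_boot(chain):
    """Replay a boot: each (pcr_index, blob) stage is extended into its PCR."""
    pcrs = {}
    for index, blob in chain:
        pcrs[index] = extend(pcrs.get(index, ZERO_PCR), blob)
    return pcrs

def policy_digest(pcrs, selection):
    """Digest over the selected PCR values, standing in for a TPM PCR policy."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(bytes([index]) + pcrs.get(index, ZERO_PCR))
    return h.digest()

def seal(secret, pcrs, selection):
    """Bind a secret to the current values of the selected PCRs."""
    return {"selection": tuple(selection),
            "policy": policy_digest(pcrs, selection),
            "secret": secret}  # a real TPM keeps this encrypted under a TPM key

def unseal(blob, current_pcrs):
    """Release the secret only if the selected PCRs match the sealed policy."""
    if policy_digest(current_pcrs, blob["selection"]) != blob["policy"]:
        return None
    return blob["secret"]

# Constructed sample boot chains; the PCR indices are illustrative only.
GOOD = [(4, b"bootloader-1.0"), (9, b"kernel-5.15"), (9, b"initramfs-original")]
TAMPERED = [(4, b"bootloader-1.0"), (9, b"kernel-5.15"), (9, b"initramfs-modified")]
VOLUME_KEY = b"constructed-disk-key"

def demo():
    blob = seal(VOLUME_KEY, measure_boot(GOOD), [4, 9])
    return unseal(blob, measure_boot(GOOD)), unseal(blob, measure_boot(TAMPERED))

if __name__ == "__main__":
    print(demo())
```

Unlike a Secure Boot signature check, nothing here asks who signed a stage: any change to a measured blob, or to the order of measurements, changes the PCR value and the sealed key stays locked.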
Re:How "optional" is it? (Score:4)
but can just be completely set aside if need be, it may not be a bad thing
Yeah! I mean Intel Management Engine was a great idea....
Re: (Score:3)
CPUs already have TPM inside them, in the form of the Firmware TPM.
Re: (Score:2)
TPM can only be set aside as far as software will let it. You're talking about boot process dependency on T2? If you enable secure boot and TPM in your UEFI the one depends on the other. A failure of the TPM will nuke both your secure boot keys as well as (if you use it) your bitlocker credentials.
I just upgraded my CPU (fTPM enabled) and was hit with a wonderful triple whammy:
1. Forced Secureboot UEFI key reset or an unbootable main drive.
2. Typing in my 48 character bitlocker recovery key or an unbootabl
Sounds like Looney Tunes stuff (Score:4, Funny)
Saying something is pluton-powered sounds like something the folks at Looney Tunes made up. Like an Illudium Q-36 explosive space modulator.
Re: (Score:2)
Re: (Score:2)
More like MS is saying that instead of bricking your computer with bad software, they are now going to rock [geologypage.com] it with DRM hardware.
Sounds like another form of (Score:5, Insightful)
latest backdoor technology? (Score:3)
because the idiots at the NSA and amongst the administration never learn, despite the steam pile of crap IT security is right now DIRECTLY because of their policies.
I read that as "Plutonium" at first (Score:2)
Would anyone that knows anything trust M$Soft (Score:2)
Re: (Score:2)
MS has time and again demonstrated incompetence and callousness against its users. The day I will put a piece of MS hardware like this one in my computer will be a cold day in hell. I will not completely rule it out, but after that I will regard that computer as a vendor-owned game-console type device, not as a general purpose computer.
Aptly named (Score:3)
Pluto, the god of Hell. Apparently MS is not satisfied with its regular torture of its users, it wants to inflict more damage.
We need an alternative to secure boot (Score:3)
All that is really needed is a simple write protect latch the operating system throws prior to switching to user mode. If you want to install an update to the operating system you throw the update somewhere the system reboots, checks integrity and applies update prior to switching to user mode again.
No craziness required.. the solution to protecting firmware is simply disallowing hardware with the capability to perform persistent updates. Any firmware updates are pushed to hardware upon boot.
This would be way easier and way more secure than the current secure boot nonsense.
How about I run Linux instead (Score:2)
And I install driver and firmware updates 6-8 weeks after the bleeding edge users and white hats have done so. If it seems bad, then I won't do it. If the tarball or distro package is not signed, I won't install that either.
This is from the older /. article. (Score:3)
Microsoft made this originally to try to stop xbox pirates in 2013.
Microsoft said Pluton made its first appearance in the Xbox One back in 2013 to make it far more difficult to hack the console or allow gamers to run pirated games. The chip later graduated to Microsoft's cloud service Azure Sphere, used to secure low-cost Internet of Things devices.
Re: (Score:2)
fuck. [techcrunch.com]
It's been fucking 25 years, can we get an EDIT button?
Re: (Score:2)
Pluton ... Firmware Updates? ... (Score:2)
I don't understand what one has to do with the other? My 7 year old Surface Tablet doesn't have a Pluton, it has plenty of firmware updates. My 5 year old Dell Latitudes gets its share of firmware updates rolled out by whatever update mechanism my company uses for software updates as well.
What's Pluton got to do with any of this?
Dear Microsoft (Score:2)
Hugs and kisses,
LeeLynx
IDGAF so long as you can turn it off (Score:2)