Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Microsoft Security

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year 61

In November 2020, Microsoft took the wraps off its Pluton security chip, with the goal of bringing it to all Windows 10 PCs. It wasn't until this week, that any of Microsoft's OEMs announced their first Pluton-powered PCs. From a report: At CES, Lenovo unveiled its Ryzen-6000-based ThinkPad Z series laptops running Windows 11, which will integrate the Microsoft Pluton processor. The coming ThinkPad Z series laptops will begin shipping in May 2022. Thanks to Pluton, these devices will be able to receive updated firmware using Windows Update. In the ThinkPad Z13 and Z16, Pluton will help protect Windows Hello credentials, according to Microsoft, by further isolating them from attackers. These new ThinkPads will use Pluton as their TPMs to protect encryption keys from physical attacks, Microsoft officials said. Microsoft pioneered Pluton first in Azure Sphere, its Linux-based microcontroller, and in Xbox. In a January 4 blog post, Microsoft officials noted that Pluton can be configured in three ways: As the Trusted Platform Module (TPM); as a security processor for non-TPM scenarios like platform resiliency; or inside a device where OEMs have opted to ship with the chip turned off.
This discussion has been archived. No new comments can be posted.

First Microsoft Pluton-powered Windows 11 PCs To Start Rolling Out this Year

Comments Filter:
  • Why did it need Microsoft to create this? Moving TPM on to the CPU die to prevent bus sniffing doesn't seem like rocket science. Why wouldn't someone like AMD create their own, or just license from Infineon or similar? For that matter why didn't Microsoft do that instead of creating Pluton when they wanted to protect the xbox? Designing a security co-processor that needs to be integrated into a CPU doesn't seem like a typical Microsoft product. The article doesn't provide any background info, and not much o

    • by Merk42 ( 1906718 )
      Now we know it's a bad thing, because M$ did it! LOLOL
      • No lol needed, it is a fact. Microsoft is part of the panopticon. Everything "security" related that they do is not for your benefit.

        • by gweihir ( 88907 )

          No lol needed, it is a fact. Microsoft is part of the panopticon. Everything "security" related that they do is not for your benefit.

          Pretty much. They want part of that cake that Google, Facebook, etc. is getting fat on and they will do any and all privacy violations they think they can get away with.

  • Mmmmmm (Score:5, Informative)

    by IWantMoreSpamPlease ( 571972 ) on Wednesday January 05, 2022 @02:38PM (#62145991) Homepage Journal

    forced firmware updates not under my control, I can't wait! /s

  • by Anonymous Coward on Wednesday January 05, 2022 @02:39PM (#62145993)

    Any argument "it's optional" or whatever, no, not the point.

    The point is that this sort of thing is an attempt of the vendor to grab and retain control over the device you bought after you bought it. In other words, the mere existence of the thing is an attack on your ownership.

    And the most direct means is to demand hardware without any such ties. Starting with this.

    Afterward, realise that iME and PSP are similarly rotten: The NSA won't buy it unless it comes with an off switch. So they get the off switch. You don't. Up to you to demand it too. Same with this. Tell your friends. Spread the word.

  • title says windows 11 - first sentence of the post says windows 10.
    which is it?

    • There were/are goals for Win10 compatibility. So far, the first laptop with Pluton in it has been released, and runs Win 11. I don't think there's an incompatibility in the contexts as stated.

  • by blahplusplus ( 757119 ) on Wednesday January 05, 2022 @02:50PM (#62146033)

    ... ahh the great disposession of the unwashed.

    They're killing the PC as an open platform, this has been going on for 23+ years in the gaming industry by killing off local exe's. They want to lock down the PC and turn it into locked down consumer appliance with no file/program access eventually in the bid to kill piracy.

    This why Trusted computing was born. see here:

    https://www.cl.cam.ac.uk/~rja1... [cam.ac.uk]

  • Is this an onion article or something or are we supposed to take it seriously? Using a TPM chip by Microsoft to secure your computer is like making a cat the head of birdcage security.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Well... yes. You saw Xbox 1 and how it was completely pwnd. Xbox 360 depended on exotic hacks, such as rewriting the firmware of the dvd drive in order to compromise the system. Yet with the Xbox One there are absolutely zero hacks. You can't go onto pirate bay and torrent your favorite game anymore. So I would argue that Microsoft has taken security quite seriously. The fact that they are opening up this platform is great, because it means secure compute for the masses (your linux box wouldn't have secure

      • Re: (Score:1, Troll)

        The 90s have passed by MicroSuck is still paying anonymous trolls to shill for them. Remember The Halloween Documents. Never trust MicroTurd.
  • first thought ewww!
  • by CaptainLugnuts ( 2594663 ) on Wednesday January 05, 2022 @03:00PM (#62146073)
    If you can disable it in the BIOS and control the keys it uses in the BIOS then it's no big deal.

    If you can't disable it and you can't revoke keys, then we have a problem.

  • Go figure (Score:3, Funny)

    by Tablizer ( 95088 ) on Wednesday January 05, 2022 @03:03PM (#62146079) Journal

    The plutoncrats want us to use Pluton.

  • by ctilsie242 ( 4841247 ) on Wednesday January 05, 2022 @03:05PM (#62146087)

    I wonder how "optional" this will be. TPM chips are useful, and until Windows 11, pretty much completely optional. It is just a cryptographic processor as part of the system. However, will Pluton be like the old Palladium/NGTCB and a part of the system, or essentially "TPM 3.0"?

    If it is similar to Apple's T2 chip, that will be a mixed bag, because the T2 chip is an integral part of the boot process and requires Apple only SSDs to work.

    I'm just hoping this is just a TPM chip on the die. If it allows for credential storage, volume encryption key storage, and other stuff like a TPM chip... but can just be completely set aside if need be, it may not be a bad thing, especially if Linux distributions can take advantage of it for startup protection.

    • Linux with NO nvidia driver as that needs 3rd party modules and may not work in Secure Boot mode.

      • by Junta ( 36770 )

        TPM would be PCR measurement. For example, to have an initramfs that can decrypt volume if and only if the boot loader, kernel, and initramfs measurements passed (assuming it was sealed to all the PCRs). A tad orthogonal to SecureBoot, which merely has each chunk of code read and verify the public signature of the next part.

        I have secureboot enabled with 3rd party modules, but I had to enroll my signing key to do so

    • by dknj ( 441802 ) on Wednesday January 05, 2022 @03:36PM (#62146263) Journal

      but can just be completely set aside if need be, it may not be a bad thing

      Yeah! I mean Intel Management Engine was a great idea....

    • by AmiMoJo ( 196126 )

      CPUs already have TPM inside them, in the form of the Firmware TPM.

    • TPM can only be set aside as far as software will let it. You're talking about boot process dependency on T2? If you enable secure boot and TPM in your UEFI the one depends on the other. A failure of the TPM will nuke both your secure boot keys as well as (if you use it) your bitlocker credentials).

      I just upgraded my CPU (fTPM enabled) and was hit with a wonderful triple whammy:
      1. Forced Secureboot UEFI key reset or an unbootable main drive.
      2. Typing in my 48 character bitlocker recovery key or an unbootabl

  • by quonset ( 4839537 ) on Wednesday January 05, 2022 @03:21PM (#62146155)

    Saying something is pluton-powered sounds like something the folks at Looney Tunes made up. Like an Illudium Q-36 explosive space modulator.

    • We can only hope that rather than the Earth, Microsoft will end up blowing themselves up.
    • by jbengt ( 874751 )

      Saying something is pluton-powered sounds like something the folks at Looney Tunes made up.

      More like MS is saying that instead of bricking your computer with bad software, they are now going to rock [geologypage.com] it with DRM hardware.

  • by RitchCraft ( 6454710 ) on Wednesday January 05, 2022 @03:22PM (#62146173)
    DRM to me. Yuck.
  • by BardBollocks ( 1231500 ) on Wednesday January 05, 2022 @03:32PM (#62146231)

    because the idiots at the NSA and amongst the administration never learn, despite the steam pile of crap IT security is right now DIRECTLY because of their policies.

  • ... and thought a laptop powered by a Pu-238 RiTeG would be pretty cool. Infinite battery live. On second thought, why are my balls burning?
  • Am I the only person here who does not trust the same company that regularly reports bricking computers with Windows updates. Is this finally going to move people to shun M$Soft and install some distro of Linux ??? As a computer Tech in Southern California I am paid over 6 figures just to prevent "bad" M$Soft updates for 3 separate companies.
    • by gweihir ( 88907 )

      MS has time and again demonstrated incompetence and callousness against its users. The day I will put a piece of MS hardware like this one in my computer will be a cold day in hell. I will not completely rule it out, but after that I will regard that computer as a vendor-owned game-console type device, not as a general purpose computer.

  • by gweihir ( 88907 ) on Wednesday January 05, 2022 @04:37PM (#62146539)

    Pluto, the god of Hell. Apparently MS is not satisfied with its regular torture of its users, it wants to inflict more damage.

  • by WaffleMonster ( 969671 ) on Wednesday January 05, 2022 @06:24PM (#62146955)

    All that is really needed is a simple write protect latch the operating system throws prior to switching to user mode. If you want to install an update to the operating system you throw the update somewhere the system reboots, checks integrity and applies update prior to switching to user mode again.

    No craziness required.. the solution to protecting firmware is simply disallowing hardware with the capability to perform persistent updates. Any firmware updates are pushed to hardware upon boot.

    This would be way easier and way more secure than the current secure boot nonsense.

  • And I install driver and firmware updates 6-8 weeks after the bleeding edge users and white hats have done so. If it seems bad, then I won't do it. If the tarball or distro package is not signed, I won't install that either.

  • by waspleg ( 316038 ) on Wednesday January 05, 2022 @08:05PM (#62147263) Journal

    Microsoft made this originally to try to stop xbox pirates in 2013.

    Microsoft said Pluton made its first appearance in the Xbox One back in 2013 to make it far more difficult to hack the console or allow gamers to run pirated games. The chip later graduated to Microsoftâ(TM)s cloud service Azure Sphere, used to secure low-cost Internet of Things devices.

  • I don't understand what one has to do with the other? My 7 year old Surface Tablet doesn't have a Pluton, it has plenty of firmware updates. My 5 year old Dell Latitudes gets its share of firmware updates rolled out by whatever update mechanism my company uses for software updates as well.

    What's Pluton got to do with any of this?

  • Thanks but no thanks.

    Hugs and kisses,

    LeeLynx
  • So long as I can run any Linux distro without having to go through Microsoft bullshit to do it, IDGAF about this.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...