Microsoft brings Trusted Platform Module functionality directly to CPUs under securo-silicon architecture Pluton

Microsoft has joined hands with Intel, AMD, and Qualcomm to release a new security processor architecture called Pluton, which Redmond reckons will delete "entire vectors of attack" from the infosec landscape. "Our vision for the future of Windows PCs is security at the very core, built into the CPU, for a more integrated …

  1. alain williams Silver badge

    My next laptop ?

    Does that mean that I will be unable to install Linux on my next laptop ?

    Maybe they will say: "not a problem, install it under a Microsoft hypervisor" - in which case all trust is lost anyway.

    1. Bitsminer Silver badge

      Re: My next laptop ?

      Installing Linux or a BSD is considered an attack (on Microsoft revenue).

  2. Anonymous Coward
    Anonymous Coward

    Fine. As long as it's OPTIONAL.

    1. Daniel von Asmuth
      Windows

      Fine?

      As long as Windows Update provides regular fixes of your Trusted Platform Module.

  3. Will Godfrey Silver badge
    Facepalm

    Warning! Warning!

    Alien hardware approaching Will Robinson.

    So, we have a hardware element that can't be bypassed, and of course is completely bug free, and lets you run any OS you like. Now and in the future.

    Anyone want to buy this bridge?

    P.S.

    The only hardware security I want is a mechanical switch.

  4. whitepines
    Boffin

    Correct me if I'm wrong, but didn't AMD already do this? The TPM functionality is implemented by the PSP, which makes largely the same claims as Pluton here.

    Or was AMD lying somewhere about PSP capabilities?

    Oh, and the PSP has already been hacked. Along with the IME. Seems the super secure secret environments running God-knows-what signed proprietary firmware weren't so secure after all! How is Pluton (supposedly) different?

    1. Tom Chiverton 1

      Sounds like burnt in PKI. If your executable isn't signed by Microsoft it won't run.

      First they came for BIOS.

      Then they came for bootloaders..

      Now this

  5. jake Silver badge

    Because as we all know ...

    ... the very first thing a Security Professional reaches for in an emergency is something endorsed by Microsoft.

    Honestly, the mind boggles .. They can't write secure code, so they expect all of us to trust some hardware dingus that they endorse? Fuck that. I have better things to secure my systems with. And yes, that's a sight unseen statement. I have history on my side. Microsoft has NEVER been able to get security right. Only a fool would trust them at this point.

  6. NetBlackOps

    First example speaks volumes...

    Anti-piracy on the new XBox. DRM so deep, everything is locked to the processor. Dell is already getting heat for fusible links in AMD processors that on first boot lock the CPU to the motherboard and firmware. Kills grey market right there for those processors. Microsoft and much of the gaming industry have always been intent on killing resales of anything.

    1. Anonymous Coward
      Anonymous Coward

      Re: First example speaks volumes...

      Given how quickly CPU architectures evolve over time, how many people actually buy a new CPU without getting a newer, more-capable motherboard at the same time?

      1. Boothy

        Re: First example speaks volumes...

        Quote: "how many people actually buy a new CPU without getting a newer, more-capable motherboard"

        Plenty from what I've seen, especially if on AMD.

        Only AMD have done any real architecture changes in recent years, and they've been on AM4 sockets for what, four main generations now? Granted, if you're doing a major generation jump on AM4, you might need a new board, but all AM4 boards, even budget ones, let you upgrade at least one generation, and if you've got an X*** chipset board, then you can typically upgrade 3 generations of AMD, and those generations are reasonably substantial architectural changes.

        For example many mid range B350 boards (original Zen), also support Zen+ & Zen2. All B450 and X470 boards support Zen, Zen+ & Zen2 with many even supporting the new Zen3 CPUs.

        Motherboards haven't really added any new killer features for years now, they all have multiple PCIe slots, SATA, NVMe M.2, DDR4, onboard sound, USB 3+ etc etc. The only thing that really differentiates one from the next, is how many of each item they have, so you buy based on requirements.

        The only real new feature to be added recently is PCIe 4.0, AMD added support back in Jan 2019, and Intel a few months back. But this doesn't really provide much benefit over PCIe 3.0 currently (small single digit % gains, not really noticeable in real use).

        People buy what they need, or what they can budget for, at the time of purchase. If a few years later they want something faster, (and unless you have money to burn), the first thing you do is check what you can fit in your current set-up.

        If you're on an AM4 board, then you can usually switch to newer generations of CPU. Even on Intel, whilst you're stuck with the same generation chip, going from an initial i3 or i5, to an i7 or i9 on the same board is still far easier and much more cost effective than switching out the motherboard as well.

        1. Charles 9

          Re: First example speaks volumes...

          That depends on how old your current hardware is. Now, three-year-old mobos are one thing, but the difficulty rises from there. What happens if it's five years old? Or eight? For example, it would be tricky to upgrade from a Sandy Bridge CPU to say a Haswell or newer, as the CPU sockets differ. Now, AMD I'll grant you has been able to keep its AM4 socket running for a lot longer than usual, but even then there are caveats, such as not being able to support the whole gamut of CPUs due to BIOS memory limitations. Plus, even AM4 is running out of time. AMD's commitment to it ends this year.

    2. Mage Silver badge
      Windows

      Re: First example speaks volumes...

      My immediate reaction was: is this really about the User/Owners security or MAINLY about DRM that they think can't be bypassed?

      Video, audio, ebooks etc are simple, point a camera and if audio, connect to earphone jack.

      I admit bypassing DRM on programs is a little harder. But it's more about corporate control than stopping piracy and removes rights users traditionally had.

      1. Anonymous Coward
        Anonymous Coward

        Re: First example speaks volumes...

        "... more about corporate control... "

        That's entirely the intent of what it is and I don't think these companies will deny that (apparently some of them want this). The problem is, as always, that it will bleed over to all "computers" and eventually your computer hardware won't be "chip to cloud" but "rental to MegaCorp." (and of course the usual CIA, NSA, etc.).

        On an up note, at least now all those "Microsoft is a new company!" fan boys can now be safely labeled as delusional and/or blind.

  7. This post has been deleted by its author

  8. Anonymous Coward
    Anonymous Coward

    Ho Hum ...... here we go again !!!

    Anything that can be built ..... can be unbuilt [Broken] !!!

    I expect that Pluton will be hacked by 2023 (at the latest) and more promises of 'Real Security' will be made by 2024.

    I would much rather have software that worked and was not 'patched' in a never ending process.

    i.e. Windows 10 and most[all ???!!!] software that runs on it !!!

    I am sure all that money could be better spent on improving the software we all use.

    1. sev.monster Silver badge
      Alien

      Re: Ho Hum ...... here we go again !!!

      Hello, puny human. I am from the fuuuuutuuuure... 3 months after the release of Pluton.

      I am here to tell you about Plutonium, an exploit that gives you remote full memory access to the host operating system. A sexy Bootstrapped Angular React site designed by a CS grad has been set up at plutonium.io for your perusal/spook.

      Bow to your new gods... Plutoniuuuuum.

      1. jake Silver badge

        Re: Ho Hum ...... here we go again !!!

        I know Ludwig. You are no Ludwig.

  9. David 132 Silver badge
    Happy

    If their idea of "securing the processor"...

    ...is as shown in your lede photo - LGA package on a PGA socket - then we have nothing to worry about; it won't work and will fall apart instantly.

    Yes, I know that's just a generic shutterstock/alamy type image. Makes me laugh though. Did someone give the (non technical) photographer a pile of PC parts and say "take some photos we can license"?

    1. Anonymous Coward
      Anonymous Coward

      Re: If their idea of "securing the processor"...

      Yes, I know that's just a generic shutterstock/alamy type image. Makes me laugh though. Did someone give the (non technical) photographer a pile of PC parts and say "take some photos we can license"?

      You're not going to make yourself popular by giving away trade secrets :).

  10. John Smith 19 Gold badge
    FAIL

    Yup. "Trusted Computing" Means....

    Trusted by the Rights Holders to control your ability to execute their software and view your documents.

    IOW, it's DRM.

    Again.

    And on chip silicon with unaudited software and total control of your system.

    Yeay.

  11. thx1111

    What Choice Do You Have?

    Hmm - sounds like a full entrenchment of the proprietary "back door", provided by the likes of Intel's "Management Engine", but now covering every main stream processor architecture and vendor. For anyone unfamiliar with how secret and embedded this hardware has become, see for instance https://libreboot.org/faq.html#intel. As it is, the only people who will know how the "security" actually works will be the same people whom you do *not* want rummaging around your files or your network. As far as I can tell, the only available generic hardware *without* a built-in "back door" processor would be something like the "HiFive Unmatched" system board from SiFive, based upon the open standard RISC-V Instruction Set. See for instance https://www.sifive.com/boards/hifive-unmatched. Perhaps RISC-V is the only thing left that will allow trusting the hardware, instead of "trusting big-brother".

    1. YetAnotherJoeBlow

      Re: What Choice Do You Have?

      The Hi-Five from Si-Five. What a stupid choice of a name - or is it?

    2. whitepines
      Happy

      Re: What Choice Do You Have?

      I use Power on my desktop (a Blackbird system). A bit more practical than RISC-V, since it's in the same performance class as Intel right now. Main reason I did this is the lack of IME/PSP and no closed source rubbish in the boot process.

      1. thx1111

        Re: What Choice Do You Have?

        Oh! Thanks for that. PowerPC is still a thing!

        https://en.wikipedia.org/wiki/List_of_open-source_computing_hardware

        https://www.raptorcs.com

        https://www.raptorcs.com/BB/

        Hmm - OpenBMC -

        https://developer.ibm.com/technologies/linux/articles/openbmc-overview/

        Your own Linux running in the Board Management Controller! That's better than proprietary - but maybe not better than nothing.

        Of all the - how many? - office and ordinary home PCs, whether branded as "Pluton" - is that meant to be a pun on "Putin"? - or Intel Management Engines or AMD Secure Platform Processors or just generic Baseboard Management Controllers, what number of these systems' users have actually ever gone and remotely re-installed their system software? And really, how many of those users actually even know that such a thing is possible to do from the internet? This management controller doesn't come across as a "must-have checklist feature".

        More interestingly perhaps, what happens when some systemic side-channel hardware security flaw is discovered in all these built-in management controllers, and every internet connected PC in the world suddenly has its system software and user files unexpectedly rewritten? Cryptoviral extortion will seem like "old news". I suppose that someone could make the movie first, before we try it out in the real world.

    3. phuzz Silver badge
      Gimp

      Re: What Choice Do You Have?

      It sounds more like SecureBoot to me.

      Mind you, that was hailed as the end of being able to install Linux when it was announced too.

  12. pip25
    Alert

    So if I change my CPU for any reason...

    ...I'll be changing my TPM keys as well? Surely nothing can go wrong with that, right?

    1. Anonymous Coward
      Anonymous Coward

      Re: So if I change my CPU for any reason...

      Wouldn't that also happen if you change your motherboard as well...which tends to happen at the same time as a CPU change due to how quickly CPU architectures change as the years pass?

      1. You aint sin me, roit
        Trollface

        You ain't pushing yer rig hard enough

        If you don't regularly blow your motherboard, cpu, or power supply.

        1. Charles 9
          FAIL

          Re: You ain't pushing yer rig hard enough

          That's kinda harsh. That's like saying you're not exercising hard enough if you don't regularly tear a muscle or ligament or break a bone. Pushing it is one thing, but you're only supposed to take it to the brink: not ever the edge.

  13. Anonymous Coward
    Anonymous Coward

    Pluton

    as in Wealth, or as in Hell?

    1. TimMaher Silver badge
      Happy

      Re: Pluton

      Or Pluto.

      As in a large and stupid dog.

  14. YetAnotherJoeBlow

    Same old story

    I tire of this endless game. Submit an RFC and let's make it secure. Anything else is just theatre, or worse.

  15. Anonymous Coward
    Anonymous Coward

    The only right way is using Kerckhoffs's principle ..

    .. so if it isn't fully open and also supports things like Linux directly on this hardware it's Just Another Lock IN Strategy in the guise of security and no, I don't buy it that opening it up would make it less safe. Keeping things closed is exactly where the problems hide in the first place.

    It would be interesting if Microsoft for once came up with something that was new, and not a new variant of an old tactic. Then again, I could agree that they don't have to because people keep falling for the shiny stuff without looking underneath.

    1. Anonymous Coward
      Anonymous Coward

      Re: The only right way is using Kerckhoffs's principle ..

      Kerckhoffs's principle or the Shannon maxim cannot apply in a fixed-hardware setting because of the Siege Problem; namely, everything about the hardware is by necessity pinned down at manufacture: including the keys. That means security through obscurity (at least of the keys) is the only option left. Furthermore, Kerckhoffs may have been a bit naive when it comes to advances in cryptanalysis being able to poke holes in algorithms, be they open-source or not. And again, by necessity, most implementations are fixed in place and cannot be changed without breaking things. That was one reason Triple-DES had to be developed after holes were found in DES yet they couldn't really replace the hardware that depended on DES: it was a way to strengthen encryption while still using fixed DES hardware.

  16. Wolfclaw

    Until the hardware is found to have more holes than a string vest and to ensure that, let Intel design it.

  17. Norman Nescio Silver badge

    US Hegemony

    Microsoft, Intel, AMD, and Qualcomm are all companies headquartered in the USA.

    Microsoft: headquartered in Redmond, incorporated in Washington State

    Intel: headquartered in Santa Clara, incorporated in Delaware

    AMD: headquartered in Santa Clara, incorporated in Delaware

    Qualcomm: headquartered in San Diego, incorporated in Delaware

    That means the NSA back door will be baked in. Which the 5 eyes / 9 eyes / 14 eyes will be happy with, and everyone else is either a minor player who doesn't matter, or 'the enemy'.

    Anyone (Government/Private organisation/Individual) not happy with that needs to find a hardware choice that can be audited, and if incorporating similar technology, have local control over master encryption keys. Obviously other large players are not concerned over whether the hardware/software combination is open: only that it is accessible and controllable by them (e.g. China, Russia).

    I don't see a bright future for open hardware.

    NN

  18. TimMaher Silver badge
    Unhappy

    Apple

    No wonder they are moving to Arm.

  19. phuzz Silver badge

    TPM and Bitlocker

    The thing I never quite understood about Bitlocker (MS's full drive encryption) working with a TPM is this:

    If you don't have a hardware TPM chip (which most non-OEM motherboards don't have), then Bitlocker will prompt you for a password on boot, without which you can't access the harddrive. Like most other full-drive encryption methods.

    However, with a TPM, Bitlocker knows that the harddrive is in the correct PC, and will unlock it automatically as part of the boot process.

    So as far as I can tell, if you have the 'extra security' of a TPM, it makes it less secure.

    Maybe I'm missing something.

    1. Anonymous Coward
      Anonymous Coward

      Re: TPM and Bitlocker

      A password can be snooped, blackmailed, or coerced. All they'd have to do then is physically remove the drive from its chassis and transplant it into another machine: either before or after getting the password.

      TPM Bitlocker is meant to block physical transplanting of the drive (think an Evil Maintenance Guy attack), and if set accordingly there's no way to bypass it. If it isn't in the same machine as that specific TPM, it's no-go, full stop.

      It's basically different horses, different courses.

      1. Norman Nescio Silver badge

        Re: TPM and Bitlocker

        TPM Bitlocker is meant to block physical transplanting of the drive (think an Evil Maintenance Guy attack), and if set accordingly there's no way to bypass it. If it isn't in the same machine as that specific TPM, it's no-go, full stop.

        That's not actually completely correct. If you have the Volume Master Key (or indeed the Full Volume Encryption Key), you can decrypt the storage device without the TPM.

        The Full Volume Encryption Key (FVEK) is encrypted with the Volume Master Key (VMK), and stored on the storage device. What's more, if you have a recovery key enabled, then the Volume Master Key is encrypted with the Recovery Key and stored on the storage device. So far, no TPM involvement.

        So if you have the FVEK, you can decrypt the device.

        If you have the VMK, you can decrypt the device.

        If you know the recovery key (and that function is enabled), you can decrypt the device.

        All without the TPM.

        Getting hold of the above is quite possibly difficult, but not impossible.

        Pulse Security: Extracting BitLocker keys from a TPM

        Elcomsoft: Unlocking BitLocker: Can You Break That Password?

        Note that:

        If you have a modern device that supports automatic device encryption, the recovery key will most likely be in your Microsoft account. For more, see Device encryption in Windows 10.

        From: Microsoft: Finding your BitLocker recovery key in Windows 10

        So getting hold of your storage device's recovery key could be 'as simple' as compromising your Microsoft Account.

        NN
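The key hierarchy the two comments above describe (TPM auto-unlock versus the FVEK/VMK/recovery-key chain), as an added stdlib-only Python model that is not code from the thread or from Microsoft: the SHA-256 keystream wrap and the PCR-keyed `ToyTPM` are constructed stand-ins for BitLocker's AES-CCM wrapping and real TPM sealing, and every name here is hypothetical.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

KEY_LEN = 32  # constructed size, not BitLocker's real parameters
Blob = Dict[str, bytes]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # SHA-256 in counter mode: toy stand-in for the AES-CCM the real product uses
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def wrap(kek: bytes, key: bytes) -> Blob:
    # encrypt-then-MAC so a wrong KEK is detected instead of yielding garbage
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return {"nonce": nonce, "ct": ct,
            "tag": hmac.new(kek, nonce + ct, hashlib.sha256).digest()}

def unwrap(kek: bytes, blob: Blob) -> Optional[bytes]:
    tag = hmac.new(kek, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong key or tampered blob
    ks = _keystream(kek, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))

class ToyTPM:
    # Sealing keyed straight by the PCR digest: a constructed simplification of a
    # real TPM's storage key plus PCR policy, with the same effect (different
    # platform measurements cannot unseal).
    def __init__(self, pcr_digest: bytes) -> None:
        self.pcr_digest = pcr_digest
    def seal(self, secret: bytes) -> Blob:
        return wrap(self.pcr_digest, secret)
    def unseal(self, sealed: Blob) -> Optional[bytes]:
        return unwrap(self.pcr_digest, sealed)

def provision(tpm: ToyTPM, recovery_key: bytes) -> Dict[str, Blob]:
    # On-disk metadata: FVEK wrapped by VMK, VMK wrapped once per protector
    fvek, vmk = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    return {"fvek_by_vmk": wrap(vmk, fvek),
            "vmk_by_tpm": tpm.seal(vmk),                  # auto-unlock path
            "vmk_by_recovery": wrap(recovery_key, vmk)}   # recovery path, no TPM

def unlock(disk: Dict[str, Blob], tpm: Optional[ToyTPM] = None,
           recovery_key: Optional[bytes] = None,
           vmk: Optional[bytes] = None) -> Optional[bytes]:
    # Any single route to the VMK yields the FVEK; none of them needs the others
    if vmk is None and tpm is not None:
        vmk = tpm.unseal(disk["vmk_by_tpm"])
    if vmk is None and recovery_key is not None:
        vmk = unwrap(recovery_key, disk["vmk_by_recovery"])
    return None if vmk is None else unwrap(vmk, disk["fvek_by_vmk"])

def demo() -> Dict[str, bool]:
    # Constructed scenario: drive provisioned on PC-A, then transplanted to PC-B
    pc_a = ToyTPM(hashlib.sha256(b"PC-A firmware+bootloader measurements").digest())
    pc_b = ToyTPM(hashlib.sha256(b"PC-B firmware+bootloader measurements").digest())
    recovery = os.urandom(KEY_LEN)
    disk = provision(pc_a, recovery)
    fvek = unlock(disk, tpm=pc_a)
    return {"tpm_auto_unlock": fvek is not None,
            "transplant_blocked": unlock(disk, tpm=pc_b) is None,
            "recovery_key_needs_no_tpm": unlock(disk, recovery_key=recovery) == fvek}
```

The recovery protector is what makes the Microsoft-account observation matter: it sits beside the TPM protector on the same disk, so whoever holds that key never has to defeat the TPM at all.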

  20. StrangerHereMyself Silver badge

    Smoke and mirrors

    All these secure enclaves and TPM chips are basically useless. Encrypt your hard drive and no one is going to be able to install rogue software on it.

    Apart from the fact that no one can probably bypass this security....except for the NSA, in collaboration with whom Microsoft designed this chip.

    I'll hold out for a suitable RISC-V desktop processor running open-source firmware and operating system to keep my privacy.

    1. conscience

      Re: Smoke and mirrors

      Smoke and mirrors is right, and I couldn't agree with you more. Nobody who values security would deliberately pick any CPU afflicted by this kind of nonsense. It is a terrible idea however you look at it.

      Any DRM will be cracked wide open sooner or later, and if the user has no access then it becomes a massive security problem that can't easily be fixed. I doubt it would take long before the backdoored chip was being accessed on a global scale by *all* the security services and criminals out there - and not just the ones who helped design it.

      And as for Microsoft doing security when they can't even manage to issue a Windows update without breaking their own hardware and software? No thanks!
