back to article Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor

It's been a while coming, but it looks like PCs with Microsoft's Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least. Pluton was first announced in 2020 and is rooted in anti-piracy protection developed for Microsoft's Xbox console some years …

  1. Arthur the cat Silver badge

    In geology a pluton is an intrusive block that disrupts existing things, sometimes catastrophically. This seems similar.

  2. Adair Silver badge

    Excuse my ignorance, but ...

    is this relevant to anyone not running Windows on their machines, or does this mean we need to ensure we have user/admin control over the TPM module before purchasing the machine/motherboard?

    1. Doctor Syntax Silver badge

      Re: Excuse my ignorance, but ...

      Come to that, what's the advantage to anyone who is running Windows? Is it yet another weapon for Microsoft in their conflict of interest with their users?

      1. ThatOne Silver badge

        Re: Excuse my ignorance, but ...

        > what's the advantage to anyone who is running Windows?

        Making sure you only run genuine, verified Microsoft-certified software - and nothing else. It's chilling.

        I admit this can be an IT department's wish, but what does it spell for those who own their own computers, and, heaven forbid, want to use a non-Microsoft OS?

        1. Anonymous Coward
          Anonymous Coward

          Re: Excuse my ignorance, but ...

          Or probably more DRM just to try and watch a damn movie!

        2. nematoad
          Stop

          Re: Excuse my ignorance, but ...

          "Making sure you only run genuine, verified Microsoft-certified software..."

          My sister just bought herself an el-cheapo Asus laptop. When I got dragged in to set it up, I had to fight with something called Windows 'S' mode. Now not having used any MS stuff for over twenty years this was a bit of a shock. What was more of a shock was the error message spread across the screen complaining about an "un-verified" program and did I want to install it? Personally I wanted to un-install the whole bloody mess and put a decent OS on the damned thing but it wasn't my laptop so I was stuck and it took me a long time to get rid of 'S' mode so that I could get on and setup the laptop as requested. Time wasted and temper definitely frayed but I got there in the end.

          Oh!

          The 'unverfied' program I was warned about?

          Something called"powershell.exe" No idea where that came from and I didn't install it as I had been warned off.

          Thanks MS.

          1. Michael Habel

            Re: Excuse my ignorance, but ...

            In all fairness wasn't the "S" version of Windows the most basic, and locked-down version of Windows. hence why its sold primaraly to Schools, most of whom would have wished for such a locked out version of Windows. As such it only allowed you to install "Apps", from the M$ Windows, AppStore, so the question here (I guess), is if Powershell is in the Store or not?)´.

  3. msknight

    "Going beyond TPM, Microsoft suggested scenarios for the tech to provide greater visibility into the state of the platform with signals being reported back to Intune and Azure Attestation Service in the future." ... that needs clarification as to what it means for non-Windows users, or I won't be using it.

    1. b0llchit Silver badge
      Mushroom

      It is the prelude to not-your-computer computing. It is meant to prepare you to accept the overlords and pay them what they say they are owed (your money, thoughts, works and soul).

      1. fidodogbreath

        Indeed. From Ars Technica:

        "Microsoft already used Pluton to secure Xbox Ones and Azure Sphere microcontrollers against attacks that involve people with physical access opening device cases and performing hardware hacks that bypass security protections. Such hacks are usually carried out by device owners who want to run unauthorized games or programs for cheating."

        1. Michael Habel

          Ok, do I own the phyisical hardware or not. (i.e. Do I own my College Textbook, or not?), sure I can not clame to own the words written there-in. But, if its "my book", then I should be allowed to deface, said object with Highlighter markers, and as many side notes, as I need to take for that that couse.

          So M$, Nintendo, and S0NY, can attempt to make such hacks as difficult as possible. But, I am under the understanding that the DMCA, does not ciminalize the art of the Jailbrake. which has other uses beyound just sailing the high seas.

      2. Anonymous Coward
        Facepalm

        "It is the prelude to not-your-computer computing."

        No, that's already mainstream with each and every Apple device. If it works for Apple, at MS they should have asked why it can't work for them too...

      3. Michael Habel

        You will own nothing, and be happy. If, not we have Pills that can help with that...

    2. ThatOne Silver badge
      Unhappy

      > or I won't be using it

      Well, you eventually will, when the old CPUs not having this feature start getting difficult to source. Don't forget it's not some isolated opt-in feature, it's the future of computing: Welcome to The Walled Garden...

    3. Michael Habel

      But, if AMD, and eventually Intel are going to be implanting these into their lattest, and greatest. Then there is a good chance you will be using it at some point.

  4. UCAP Silver badge
    Facepalm

    Microsoft has also stated that the Pluton hardware will be updateable through Windows Update

    So basically it is programmable. Another security hole opens up, thanks to Microsoft.

    1. captain veg Silver badge

      irony meter exploded

      So Microsoft realised a few years ago that it was congenitally unable to write secure code and turned to a brute hardware fix instead.

      Now it wants the hardware to be programmable.

      This looks like history repeating as farce. Reminds me of when, having failed to interest the world in stuffing desktop Windows on to phones they then tried to make everyone use a phone OS on their desktops.

      -A.

    2. Snake Silver badge

      Your BIOS is updatable, that is programmable, therefore you've ALWAYS had this form of vulnerability. If a BIOS can be protected enough that you do not seem worried about it during your course of normal computing operations then Pluton will be the same.

      Not that I'd want to have it based upon their current description, mind you. But worrying about its security whilst accepting BIOS updates seems unfounded.

      1. Charles 9

        Different degree of pwnage. BIOS images often can't be updated through Windows and require booting to a single-user OS, plus obscurity means (1) there are a lot of different BIOS types to figure out, and (2) it's hard to figure out which one is appropriate for any given intrusion.

        This Pluton looks to make it a SPOF.

      2. nijam Silver badge

        > ... therefore you've ALWAYS had this form of vulnerability ...

        And now you're going to have a second version of it.

      3. the spectacularly refined chap

        Your BIOS is updatable, that is programmable, therefore you've ALWAYS had this form of vulnerability.

        So I'm dreaming of the days when a BIOS update meant pulling chips and inserting replacements?

        Different vulnerability with an entirely different attack surface though. As in zero for stuff running in protected mode. This is more akin to microcode updates but at a higher and potentially more discriminating level of abstraction.

    3. JoeCool Silver badge
      Black Helicopters

      Progammable is what you want

      Otherwise an individual doesn't really own their HW anymore.

      Isn't the alternative to give up control to "the central authority" ?

      Not saying Pluton is solving a real problem or not, since there isn't enough technical info to evaluate it. But the minute they attach the tag "Consumer tech" or "Retail tech" there will be a religous war.

      1. Michael Habel

        Re: Progammable is what you want

        Here's the exact problem. What exatctly IS the problem that is in need of fixing? How does this "problem solving" help me? it seems to me that this is less of a helpful, and cheery securtity fix, but more of a nany-state oversight, to prevent, me from using my equipment in a way that might lose someone somewhere a Dolllar or two.

        HEAVENS FORBID! That M$, and Adobe might have lost a Sub somewhere.

  5. AnotherName
    FAIL

    "Microsoft has also stated that the Pluton hardware will be updateable through Windows Update"

    What could possibly go wrong! WU is not known to have broken anything ever...

  6. Anonymous Coward
    Anonymous Coward

    Pluton

    The God of Money (& Hell).

  7. stewwy

    So another play for.....

    World domination from Microsoft.

    It's no longer "All your bases belong us"

    More "Everything belong us''

    1. Snake Silver badge

      If true...

      Shouldn't we consider Intel's Management Engine on the same level? It's even running under Linux.

      1. Anonymous Coward
        Anonymous Coward

        Re: If true...

        Yes

      2. A random security guy

        Re: If true...

        Yeah, Intel is using minix. However, Intel is not used universally. MS is used in the cloud and on most desktops. It is several trillion dollars big.

        But the question remains: what happens with Linux.

        1. ThatOne Silver badge
          Devil

          Re: If true...

          > But the question remains: what happens with Linux.

          I guess you'll be free to use the Windows Subsystem for Linux, as long as you have a genuine, verified Windows installation and don't mind the ads and the spying.

        2. wub

          Re: If true...

          From what the article says, it appears to depend on whether the "OEM" whoever that might be for us white-boxers gets to decide whether to turn this thing on. If they come from AMD, Intel etc with TPM activated, WSL could end up our only choice for Linux...

          ...until the whole system gets hacked by some very clever sod.

          1. UCAP Silver badge
            Joke

            Re: If true...

            Hacked in 3 ... 2 ... 1 ...

          2. ThatOne Silver badge

            Re: If true...

            > it appears to depend on whether the "OEM" whoever that might be for us white-boxers gets to decide whether to turn this thing on

            I'm pretty sure OEMs will get a nice discount for enabling it, and also that only Microsoft-certified ($!) OEMs get the tools to play with this. Definitely not the DIY computer builder. There is no point in a cage if you leave the keys on the door, is there.

            As for hacking it, I'm afraid when it happens it won't be an "Escape from Walled Garden" type scenario, but rather a "The End is nigh" type security nightmare, since it means really, definitely invincible malware you can only get rid of by ripping out your expensive CPU and trashing it...

  8. Anonymous Coward
    Anonymous Coward

    The funny part I see

    is that people are saying "but it's my PC" they don't want someone else injecting code into it

    but when it comes to your body/life,,,, you know there this is going, and the end result is the same.

    1. ThatOne Silver badge
      Thumb Down

      Re: The funny part I see

      Ridiculous. Completely different. Apples and not even oranges.

      It's my PC alright, and yet I "inject" somebody else's code into it all the time, cause believe it or not, I didn't write an OS, not even the software running on it!...

      As for your body, you "inject" foreign stuff into it all the time, else you'd be dead by starvation a long time ago. The only difference is that a cold beer is "okay", while the nasty vaccines built by [enemy] to [nefarious task] are desecrating the sacred temple of your body. Yes, yes, vaccines (of all kind) are bad, it's a base tenet of conspiracy nuts worldwide.

  9. BPontius

    Most motherboards have TPMs built into the UEFI now, so Microsoft's chip is irrelevant as far as TPM security. I don't see it selling as Microsoft has long burned up any level of trust with it's Windows users. AMD and Intel will end up dropping it due to low sales or sell exclusively for XBox. I will definitely NOT put one in my PC!!

    1. ThatOne Silver badge
      Unhappy

      > I don't see it selling

      And who told you you'll have a choice? Obviously restrictions aren't volunteered for, they are imposed: Once all CPUs have this Pluton module, in a year or two, you will be forced to use it, no matter if you want it or not.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like