back to article For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads

PCs coming out this year with Microsoft's integrated Pluton security chip won't be locked down to Windows 11, and users will have the option to turn off the feature completely as well as install, say, Linux as normal, we understand. The first Windows 11 PCs with Pluton built-in were shown at CES earlier this month. Major PC …

  1. The Empress

    What's the real function?

    Copyright protection for Microsoft products? Forced subscriptions for everything? Engineered obsolescence?

    1. Sandtitz Silver badge
      Stop

      Re: What's the real function?

      I can see lots of doubt, uncertainty and even fear in these comments. Not necessarily in that order.

      There was a lot of ballyhoo, furore and hoopla back when Secure Boot came out. Or TPM before that. Did they really make Linux harder to install or use? No.

      1. sten2012

        Re: What's the real function?

        It may be minor, but in all honesty it does, and short term (secure boot) the difference was significant.

        Now most and probably all major distros can boot with secure boot enabled but for a long time they couldn't, then a few could and even now I couldn't comfortably say all can.

        TPM, yeah, no.. I don't think that's ever impacted me.

        1. cyberdemon Silver badge
          Devil

          Re: What's the real function?

          Even now, Linux Distros tend to require a signing key from Microsoft to boot on EFI.

          Secure boot and "trusted computing" was always (IMO) for the purpose of locking down the hardware against "unauthorised modification" by its tenant "owner", and that included making it difficult to install an operating system other than Microsoft Windows (or Apple OSX in the case of Apple hardware, which IIRC was first to adopt TPMs).

          And for those users who have modified their PCs, microsoft and chums would like to lock them out of DRM'd software and digital content, including games (where it will be under the guise of anti-cheat measures).

          I fully expect Microsoft's recent purchase of Activision/Blizzard to introduce mandatory TPM checks. You can certainly forget about future compatibility with Wine/Proton.

          1. Smirnov

            Re: or Apple OSX in the case of Apple hardware, which IIRC was first to adopt TPMs

            You remember wrong. Apple never made use of TPMs, ever (macOS doesn't even know what to do with a TPM).

            And when Apple eventually came out with its own security processor for Macs, TPMs have already been common in business PCs and workstations for several years.

      2. Anonymous Coward
        Anonymous Coward

        Re: What's the real function?

        Did they really make Linux harder to install or use? No.

        Yes, for quite some time we had to install a shim before we could even install Linux on motherboards with Secure Boot if it couldn't be disabled.

        1. Blazde

          Re: What's the real function?

          My experience was a lot of hours wasted hunting down motherboards where Secure Boot could be disabled. Valuable hours which could have been more enjoyably wasted on ballyhoo, furore and hoopla.

        2. Ilgaz

          Re: What's the real function?

          You will still have to if you use kmod packages for Wifi etc. It can't be scripted/auto enabled either.

      3. Joe W Silver badge
        Flame

        Re: What's the real function?

        I guess you were not there? It did. Oh boy, the time wasted.

        Nowadays it works, as far as I can tell, and I have not really been bothered by it for a while. However,the headline of the last paragraph sort of sums up the concerns: it is apparently possible for the manufacturer to have this on by default with no way to disable it.

        I'm also pretty sure it will play a role for DRM[0] and media playback. When do people learn that they do impact honest customers with that stuff? I know one could once totally get relatively recent movie releases in (for that time, it was decades ago) ok quality[1], or to get games with removed copy protection (viruses included...), and I very much doubt the situation has changed since [x], and do people remember the hardware hack for the PS1? DRM cannot win over crackers and pirates, history has shown that. It is just a way to annoy paying customers[w].

        [0] anybody realised that the new Intel CPUs apparently cannot be used to play back high res BlueRay discs? The chip component is missing, as far as I understand. Since I own no BlueRay discs it does not impact me (I'm still stuck on DVDs...)

        [1] at that time films were released in the US months before they came to Europe, so some friends organised them, we watched them, and then went to see them on the big screen, which was more fun

        [x] there were cracked games for the C64 already, and that was over three decades ago!

        [w] like the "don't copy this movie" trailer on DVDs - I doubt anybody who is determined to copy the disc is deterred by that, don't get me stated on that unskippable carp! People who watche ripped DVDs DO NOT SEE THAT ONE!

        1. Anonymous Coward
          Anonymous Coward

          Re: What's the real function?

          I'd say that the whole "You wouldn't steal a handbag" crap that you can't skip pretty much encourages the existence of ripped versions.

          If I ever have to give a presentation to MPAA management, guess what the first 10 minutes will show?

        2. ibmalone Silver badge

          Re: What's the real function?

          Still need to disable it if you want to run Nvidia drivers on Fedora and any other linux taking an akmod approach, as the driver module can't be loaded otherwise. Fun. And the begging that was required to get MS to allow linux to be signed in the first place. Remind me again why MS the arbiter of what can run on PC hardware?

      4. JoeCool

        Totally justified distrust

        No one in the tech indistry is prioritizing individual users or ease of maintenance over their corporate agenda.

        An example:

        I have a Atom based tablet with hdmi output. That tablet has NEVER been able to output to ANY external display.

        Why ? hdcp. There's a signal coming out, but it doesn't get displayed.

        Which layer of the Stack is at fault ? Can't tell ! Is this behaviour within spec ?

        There is limited visibility into the end to end architiecture, and no troubleshooting capability. Each of Intel, Samsung, Microsoft, and LG operate in their own silo and just assume all the other layers are doing their job.

        Now how does Pluton actually work ?

        Does anyone have public specs ? So far it seems to be "trade secret" between MS & the equipment OEMs.

      5. Ilgaz

        Re: What's the real function?

        As RUFUS is open source/use open source components it had to suggest disabling secure boot to boot Windows 10 ISO. People flamed author of open source/free software since it is "disabling secure something".

        Reading PR response is one thing, reading manufacturers error messages is another https://www.asus.com/support/FAQ/1044664/

        It is called: Microsoft Secure Boot

    2. EveryTime

      Re: What's the real function?

      It's because TPM 1.1 and TPM 1.2 were borked. So TPM 2.0 was a re-think. Which turned out to be somewhat more subtly borked.

      1. Smirnov

        Re: What's the real function?

        Pretty much any hardware addition that was meant to improve security has turned out to be borked - think TXT or SGX.

        So it's only a matter of time until someone finds that Pluton, too, is completely borked.

    3. msobkow Silver badge

      Re: What's the real function?

      The long-dreamed of mandatory NSA back door...

  2. Boris the Cockroach Silver badge
    Windows

    hmmmmm

    Quote

    " Pluton is more of a building block to address the long-standing problem of securing PCs from bad actors."

    Securing your PC from m$ should be the first step in that. especially since

    Quote

    "Microsoft has said Pluton provides "chip to cloud" security, with firmware updates coming through Windows Update."

    Which will mean theres a way to run updates on the security thing from windows.......

    1. ShadowSystems

      Re: hmmmmm

      Security software that can be modified while the OS is running? What could possibly go wrong?

      *FacePalm*

      1. JoeCool

        RootKit

        Totally commercially justifiable.

    2. Blazde

      Re: hmmmmm

      Predicting it will end in tears around the same time Microsoft's Windows Update process falls victim to SolarWinds-style supply chain attack. That's already a nightmare scenario but imagine if you can quietly control a single well documented CPU firmware interface on 75% of desktop PCs. Do you brick them all, or something more elaborate? Really tough call.

      1. Roland6 Silver badge

        Re: hmmmmm

        The tears will probably start flowing when Pluton determines a legitimate Windows Security Update or one of the key files within it, is bad...

        So expect at some point in the future to have to disable Pluton so as to enable either system update or recovery from a Pluton borked update.

  3. Howard Sway Silver badge

    Microsoft's integrated Pluton security chip

    Whassit stand for then?

    Processor level user tax or notworking?

    Prevent linux users thwarting our nonsense?

  4. heyrick Silver badge

    with firmware updates coming through Windows Update

    Yes, because that never goes wrong, does it?

    So this thing can be quietly updated in the background with the OS running. Seems like their definition of trust is rather different to mine.

    1. Sandtitz Silver badge

      Re: with firmware updates coming through Windows Update

      "Yes, because that never goes wrong, does it?"

      Which firmware updates through WU have gone wrong?

      "So this thing can be quietly updated in the background with the OS running."

      The other option would be to run broken firmware if a vulnerability or a show-stopper bug was found. The masses (which we both don't represent) never bother with any updates. They'd gladly use any unpatched device as long as it works.

      Are they going to do the updates in secrecy you say?

    2. sten2012

      Re: with firmware updates coming through Windows Update

      It's a root of trust. It just depends on all the stems/trunks/branches and leaves.

      Note to self: must patent the "seed of trust" that comes before the root to keep ahead of this thing!

      1. heyrick Silver badge
        Happy

        Re: with firmware updates coming through Windows Update

        I'll claim the Spermatophyte of Trust, then.

  5. Detective Emil
    Paris Hilton

    Mitigates against bugs like Spectre and Meltdown??

    How can Pluton, a hardware root of trust, protect against hardware shortcomings thar result in information leakage from branch prediction, or a race condition that discloses protected memory contents, either of which can be exploited from unprivileged code?

    [Yes, I know: if Pluton is used to allow only approved and signed applications to run, as on iOS. But Microsoft has never managed to retrofit that model into Windows.]

    1. diodesign (Written by Reg staff) Silver badge

      Re: Mitigates against bugs like Spectre and Meltdown??

      No, what we (and Microsoft) means is: tightly coupling the coprocessor to the CPU cores within the same package makes it harder for someone to sniff the communications.

      It might be possible to do that with a side-channel attack, but really it's about stopping physical bus snooping.

      C.

  6. DomDF

    How long's left on the antitrust lawsuit timer? Surely it's about to go off.

    1. Anonymous Coward
      Anonymous Coward

      Not as long as Apple is still around. Apple is (and has been for years) Microsoft's antitrust lawsuit insurance. Just like it is Google's one on smartphones.

  7. cantankerous swineherd

    meanwhile, in another part of the woods:

    https://www.lightbluetouchpaper.org/2022/01/20/arm-releases-experimental-cheri-enabled-morello-board-as-part-of-187m-ukri-digital-security-by-design-programme/

  8. DS999 Silver badge

    The unanswered question is

    Can Microsoft turn it on via a software update? Can malware that affects UEFI (which we've already got several examples of) able to turn it on? Or perhaps worse for those who depend it on for system security, off?

    If it can be turned on and off, it makes a lot more sense that it be controlled via a jumper or similar hardware switch, not a UEFI setting.

    1. Oh Matron!

      Re: The unanswered question is

      ^^^^^^^^^^^ This.

      Malware turns it on, puts some junk (which reports something is not at all well) in there which then borks your entire computer.

      It will happen.

      1. DS999 Silver badge

        Re: The unanswered question is

        Malware that can turn it on would be able to make itself permanently resident so even a complete wipe and reinstall of the OS would not eliminate it. That's the holy grail for malware.

        This is already being done via infecting the UEFI itself, a security processor is even lower level so assuming it has some storage of its own that malware could write to (like a small piece of the on-board firmware flash) even a reflash of the UEFI along with the reinstall wouldn't be good enough to get rid of the malware!

      2. Paul Hovnanian Silver badge

        Re: The unanswered question is

        But we'll gladly turn it back off. For a fee, of course.

    2. oiseau Silver badge
      Facepalm

      Re: The unanswered question is

      Unanswered?

      Really?

      Can Microsoft turn it on via a software update?

      Can malware that affects UEFI ... ...turn it on?

      Or perhaps worse ... ... off?

      Hmm ...

      Does salt taste salty?

      ... makes a lot more sense that it be controlled via a jumper ...

      Exactly the point I was attempting to make.

      But you got the idea.

      O.

  9. Anonymous Coward
    Anonymous Coward

    Pluton

    God of Wealth, Money and Hell.

    1. heyrick Silver badge

      Re: Pluton

      <scratches the beard I don't have> Now why did they pick that name, I wonder?

  10. Anonymous Coward
    Anonymous Coward

    Insecure code

    Microsoft have demonstrated for the past 30 years they are incapable of authoring secure code. Now you have no choice to have this bad code on your computer.

    1. ITS Retired

      Re: Insecure code

      That is basically what I was planning to post. I have both a MacBook Pro and a Linux machine for when windows become unusable. Unusable is when my Windows 7 machine becomes too hard to keep going.

      I use both Linux and the laptop on a regular basis. They both have their own functions and I trust them both much more than Microsoft anything.

      Microsoft really needs to clean up its own software act before forcing their third party hardware "security" on everyone else.

  11. Anonymous Coward
    Anonymous Coward

    Congrats

    You all talk of the public functions of secure boot / TPM.

    Why does a TPM need access to a network connection while the computer is off?

    This new device has more to do with FISA, the Investigatory Powers Act 2016 & the UKUSA Agreement.

    Who is assigned this Trust?

  12. NonSSL-Login
    Alien

    Never

    should Microsoft & Trusted be put in the same sentence.

    Besides their integration with the NSA is so strong now you never know if its Microsoft or the NSA adding that nice new feature which happens to give them more info or attack vectors

    1. Anonymous Coward
      Anonymous Coward

      Re: Never

      Never should Microsoft & Trusted be put in the same sentence.

      Oh no, that's entirely possible, provided you add the word "not" or variations such as "entirely not", "would not be trusted in a months of Sundays" etc etc.

  13. BOFH in Training Bronze badge

    Am confused

    PC makers can choose to ship computers with Pluton turned off, and the technology does not verify the signature of bootloaders, Microsoft PR said. The security processor can be configured to act as a TPM, or used in a non-TPM scenario, or disabled.

    --

    So does that mean Pluton, when turned off, does not act as TPM 2.0 for other OSes which may use TPM 2.0?

    Or does it mean that your got Pluton mode, TPM 2.0 mode, or disabled totally?

    1. Anonymous Coward
      Anonymous Coward

      Re: Am confused

      Or it just pretends to be disabled, until it gets a command through the network...

  14. Missing Semicolon Silver badge
    Thumb Down

    OEM Windows price

    You know how currently, to get the best price on OEM Windows licenses, manufacturers have to buy a license per shipped machine, irrespective of whether Windows is actually installed?

    Well, I guess the next move is that the price per-box now depends on if a) Pluton is on by default and b) disabling Pluton in the BIOS is prevented. The price will be less in that case.

    So, nice cheap laptops will have Pluton on and locked, so no Linux. Which means that old laptops will become landfill, instead of being upcycled with Linux.

    Remember, upcycling is good for the environment, but bad for business.

  15. Anonymous Coward
    Anonymous Coward

    Or rather, that's the sales pitch.

    exactly. In reality however...

  16. Anonymous Coward
    Anonymous Coward

    Microsoft... interested in helping customers secure their open-source environments

    be afraid. Be VERY afraid of MS bringing 'help' to their open-source environments. Frog-boiling pan is already on, 'helpful' 'security' mode on. Fortunately, most folk in open-source environments happen to have a built-in, hardware-level suspicion of MS...

  17. Claverhouse Silver badge
    Alert

    Never Change, Microsoft

    Here we go again...

  18. Marty McFly Silver badge
    Linux

    Where is the tipping point?

    When will Chipzilla & friends start producing chips & motherboards for non-Windows usage? There could be a market opportunity here to target those of us who are fed up with the garbage from Redmond.

    1. Anonymous Coward
      Anonymous Coward

      @Marty McFly - Re: Where is the tipping point?

      Quick answer for you: How about Never ?

      There is / will be no such market opportunity. At least that's what Microsoft decided.

      Let's imagine for a second that PC manufacturers will put aside a small batch of computers and sell them without all this security crap but with same specs. Now what do you think their price should be ? If they sell them at a higher price, not many people will buy them. If they will sell them at a lower price, they will lose money. As you can see not much chance for profit here. In both cases they risk upsetting Microsoft and you certainly don't want that. So they take the middle way: offer the possibility to disable that crap for as long as Microsoft will allow it. I know, in the long term there will be no escape from Microsoft appropriating your PC (here P is for Personal).

      For corporate computers it doesn't matter at all and I don't care either because they pay me to use Windows.

  19. captain veg Silver badge

    Where's the problem

    > Pluton is more of a building block to address the long-standing problem of securing Windows PCs from bad actors.

    Is that problem Windows, or PCs?

    -A.

  20. Uncle Ron

    "Trust Me"

    "Pluton is designed for Windows, and using it with Linux "is currently an unsupported scenario," a Microsoft spokesperson told The Register."

    Trust me, IMHO, Pluton is a DRM extension that aims at nothing else but to lock out every OS but Windows 11. Again, IMHO, the only Linux that will work on Pluton machines will be the Linux embedded in Win 11. Suppose you have plans to use a dual-boot scenario. Pluton must be turned on to get 11 to load, but a Linux distro may vomit unless Pluton is turned off. Trust me again: Unless MS rescinds it's decision to make all my home desktops and laptops obsolete, when 10 goes out of support, I'm going out the door, to Linux Mint. or Linux Zorin.

    If I had even a nano-second of belief that this mess would stop even -some- of the hacks and hijacks and ransom-ware and spyware and malware and identity theft and all the rest of it, I would scrap my multiple thousands of dollars of HW and acquiesce. But I don't have that belief. IMHO, It will take the evil-doers and government bad actors that said nano-second to jump over all of it. Make TMP/Pluton optional for 11, or MS is gone from my life. They're history, they're in the archives, they're in the rear-view mirror. RIP.

    1. Anonymous Coward
      Anonymous Coward

      Re: "Trust Me"

      they have been gone from my life for a while now.

  21. _LC_ Silver badge
    Holmes

    bad actor

    noun

    Definition of bad actor

    : an unruly, turbulent, or contentious individual - also known as “user”

  22. nijam Silver badge

    > long-standing problem of securing Windows PCs from bad actors

    Such as Microsoft, I should hope?

  23. Fignuts

    If Blackadder were on the IT Crowd...

    .. I'm pretty sure his comment would be something to the effect of: "Microsoft designing security hardware is like hiring The 3 Stooges to write your next workplace safety course."

    1. Alan Brown Silver badge

      Re: If Blackadder were on the IT Crowd...

      It's been done:

      https://en.wikipedia.org/wiki/Forklift_Driver_Klaus_%E2%80%93_The_First_Day_on_the_Job

      It's very funny and very messy

      https://www.facebook.com/watch/?v=525452031608114 - apologies for the FB link bit it's the only online copy I know of

  24. mpi

    It's really simple, dear hardware vendors

    If the inclusion of this on your Product A interferes with Linux or BSD in any way shape or form, no matter how minor or easy to fix, and your competitors product B doesn't...

    ...then I will buy B, even if it costs more.

    End of discussion.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022