Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor

It's been a while coming, but it looks like PCs with Microsoft's Pluton security processor are just around the corner. So long as your silicon of choice comes from AMD, for the time being at least. Pluton was first announced in 2020 and is rooted in anti-piracy protection developed for Microsoft's Xbox console some years …

  1. Arthur the cat Silver badge

    In geology a pluton is an intrusive block that disrupts existing things, sometimes catastrophically. This seems similar.

  2. Adair Silver badge

    Excuse my ignorance, but ...

    is this relevant to anyone not running Windows on their machines, or does this mean we need to ensure we have user/admin control over the TPM module before purchasing the machine/motherboard?

    1. Doctor Syntax Silver badge

      Re: Excuse my ignorance, but ...

      Come to that, what's the advantage to anyone who is running Windows? Is it yet another weapon for Microsoft in their conflict of interest with their users?

      1. ThatOne Silver badge

        Re: Excuse my ignorance, but ...

        > what's the advantage to anyone who is running Windows?

        Making sure you only run genuine, verified Microsoft-certified software - and nothing else. It's chilling.

        I admit this can be an IT department's wish, but what does it spell for those who own their own computers, and, heaven forbid, want to use a non-Microsoft OS?

        1. Anonymous Coward

          Re: Excuse my ignorance, but ...

          Or probably more DRM just to try and watch a damn movie!

        2. nematoad
          Stop

          Re: Excuse my ignorance, but ...

          "Making sure you only run genuine, verified Microsoft-certified software..."

          My sister just bought herself an el-cheapo Asus laptop. When I got dragged in to set it up, I had to fight with something called Windows 'S' mode. Now not having used any MS stuff for over twenty years this was a bit of a shock. What was more of a shock was the error message spread across the screen complaining about an "un-verified" program and did I want to install it? Personally I wanted to un-install the whole bloody mess and put a decent OS on the damned thing but it wasn't my laptop so I was stuck and it took me a long time to get rid of 'S' mode so that I could get on and set up the laptop as requested. Time wasted and temper definitely frayed but I got there in the end.

          Oh!

          The 'unverified' program I was warned about?

          Something called "powershell.exe". No idea where that came from and I didn't install it as I had been warned off.

          Thanks MS.

          1. Michael Habel

            Re: Excuse my ignorance, but ...

            In all fairness, wasn't the "S" version of Windows the most basic and locked-down version of Windows? Hence why it's sold primarily to schools, most of whom would have wished for such a locked-out version of Windows. As such it only allowed you to install "Apps" from the M$ Windows AppStore, so the question here (I guess) is if PowerShell is in the Store or not?

  3. msknight

    "Going beyond TPM, Microsoft suggested scenarios for the tech to provide greater visibility into the state of the platform with signals being reported back to Intune and Azure Attestation Service in the future." ... that needs clarification as to what it means for non-Windows users, or I won't be using it.

    1. b0llchit Silver badge
      Mushroom

      It is the prelude to not-your-computer computing. It is meant to prepare you to accept the overlords and pay them what they say they are owed (your money, thoughts, works and soul).

      1. fidodogbreath

        Indeed. From Ars Technica:

        "Microsoft already used Pluton to secure Xbox Ones and Azure Sphere microcontrollers against attacks that involve people with physical access opening device cases and performing hardware hacks that bypass security protections. Such hacks are usually carried out by device owners who want to run unauthorized games or programs for cheating."

        1. Michael Habel

          Ok, do I own the physical hardware or not? (i.e. Do I own my college textbook, or not?) Sure, I cannot claim to own the words written therein. But if it's "my book", then I should be allowed to deface said object with highlighter markers, and as many side notes as I need to take for that course.

          So M$, Nintendo, and S0NY can attempt to make such hacks as difficult as possible. But I am under the understanding that the DMCA does not criminalize the art of the jailbreak, which has other uses beyond just sailing the high seas.

      2. Anonymous Coward
        Facepalm

        "It is the prelude to not-your-computer computing."

        No, that's already mainstream with each and every Apple device. If it works for Apple, at MS they should have asked why it can't work for them too...

      3. Michael Habel

        You will own nothing, and be happy. If not, we have pills that can help with that...

    2. ThatOne Silver badge
      Unhappy

      > or I won't be using it

      Well, you eventually will, when the old CPUs not having this feature start getting difficult to source. Don't forget it's not some isolated opt-in feature, it's the future of computing: Welcome to The Walled Garden...

    3. Michael Habel

      But if AMD, and eventually Intel, are going to be implanting these into their latest and greatest, then there is a good chance you will be using it at some point.

  4. UCAP Silver badge
    Facepalm

    Microsoft has also stated that the Pluton hardware will be updateable through Windows Update

    So basically it is programmable. Another security hole opens up, thanks to Microsoft.

    1. captain veg Silver badge

      irony meter exploded

      So Microsoft realised a few years ago that it was congenitally unable to write secure code and turned to a brute hardware fix instead.

      Now it wants the hardware to be programmable.

      This looks like history repeating as farce. Reminds me of when, having failed to interest the world in stuffing desktop Windows on to phones they then tried to make everyone use a phone OS on their desktops.

      -A.

    2. Snake Silver badge

      Your BIOS is updatable, that is programmable, therefore you've ALWAYS had this form of vulnerability. If a BIOS can be protected enough that you do not seem worried about it during your course of normal computing operations then Pluton will be the same.

      Not that I'd want to have it based upon their current description, mind you. But worrying about its security whilst accepting BIOS updates seems unfounded.

      1. Charles 9

        Different degree of pwnage. BIOS images often can't be updated through Windows and require booting to a single-user OS, plus obscurity means (1) there are a lot of different BIOS types to figure out, and (2) it's hard to figure out which one is appropriate for any given intrusion.

        This Pluton looks to make it a SPOF.

      2. nijam Silver badge

        > ... therefore you've ALWAYS had this form of vulnerability ...

        And now you're going to have a second version of it.

      3. the spectacularly refined chap

        Your BIOS is updatable, that is programmable, therefore you've ALWAYS had this form of vulnerability.

        So I'm dreaming of the days when a BIOS update meant pulling chips and inserting replacements?

        Different vulnerability with an entirely different attack surface though. As in zero for stuff running in protected mode. This is more akin to microcode updates but at a higher and potentially more discriminating level of abstraction.

    3. JoeCool Bronze badge
      Black Helicopters

      Programmable is what you want

      Otherwise an individual doesn't really own their HW anymore.

      Isn't the alternative to give up control to "the central authority" ?

      Not saying Pluton is solving a real problem or not, since there isn't enough technical info to evaluate it. But the minute they attach the tag "Consumer tech" or "Retail tech" there will be a religious war.

      1. Michael Habel

        Re: Programmable is what you want

        Here's the exact problem. What exactly IS the problem that is in need of fixing? How does this "problem solving" help me? It seems to me that this is less of a helpful and cheery security fix, but more of a nanny-state oversight, to prevent me from using my equipment in a way that might lose someone somewhere a dollar or two.

        HEAVENS FORBID! That M$, and Adobe might have lost a Sub somewhere.

  5. AnotherName
    FAIL

    "Microsoft has also stated that the Pluton hardware will be updateable through Windows Update"

    What could possibly go wrong! WU is not known to have broken anything ever...

  6. Anonymous Coward

    Pluton

    The God of Money (& Hell).

  7. stewwy

    So another play for.....

    World domination from Microsoft.

    It's no longer "All your bases belong us"

    More "Everything belong us"

    1. Snake Silver badge

      If true...

      Shouldn't we consider Intel's Management Engine on the same level? It's even running under Linux.

      1. Anonymous Coward

        Re: If true...

        Yes

      2. A random security guy

        Re: If true...

        Yeah, Intel is using minix. However, Intel is not used universally. MS is used in the cloud and on most desktops. It is several trillion dollars big.

        But the question remains: what happens with Linux.

        1. ThatOne Silver badge
          Devil

          Re: If true...

          > But the question remains: what happens with Linux.

          I guess you'll be free to use the Windows Subsystem for Linux, as long as you have a genuine, verified Windows installation and don't mind the ads and the spying.

        2. wub

          Re: If true...

          From what the article says, it appears to depend on whether the "OEM" whoever that might be for us white-boxers gets to decide whether to turn this thing on. If they come from AMD, Intel etc with TPM activated, WSL could end up our only choice for Linux...

          ...until the whole system gets hacked by some very clever sod.

          1. UCAP Silver badge
            Joke

            Re: If true...

            Hacked in 3 ... 2 ... 1 ...

          2. ThatOne Silver badge

            Re: If true...

            > it appears to depend on whether the "OEM" whoever that might be for us white-boxers gets to decide whether to turn this thing on

            I'm pretty sure OEMs will get a nice discount for enabling it, and also that only Microsoft-certified ($!) OEMs get the tools to play with this. Definitely not the DIY computer builder. There is no point in a cage if you leave the keys on the door, is there.

            As for hacking it, I'm afraid when it happens it won't be an "Escape from Walled Garden" type scenario, but rather a "The End is nigh" type security nightmare, since it means really, definitely invincible malware you can only get rid of by ripping out your expensive CPU and trashing it...

  8. Anonymous Coward

    The funny part I see

    is that people are saying "but it's my PC", they don't want someone else injecting code into it

    but when it comes to your body/life... you know where this is going, and the end result is the same.

    1. ThatOne Silver badge
      Thumb Down

      Re: The funny part I see

      Ridiculous. Completely different. Apples and not even oranges.

      It's my PC alright, and yet I "inject" somebody else's code into it all the time, cause believe it or not, I didn't write an OS, not even the software running on it!...

      As for your body, you "inject" foreign stuff into it all the time, else you'd be dead by starvation a long time ago. The only difference is that a cold beer is "okay", while the nasty vaccines built by [enemy] to [nefarious task] are desecrating the sacred temple of your body. Yes, yes, vaccines (of all kind) are bad, it's a base tenet of conspiracy nuts worldwide.

  9. BPontius

    Most motherboards have TPMs built into the UEFI now, so Microsoft's chip is irrelevant as far as TPM security. I don't see it selling as Microsoft has long burned up any level of trust with its Windows users. AMD and Intel will end up dropping it due to low sales or sell exclusively for Xbox. I will definitely NOT put one in my PC!!

    1. ThatOne Silver badge
      Unhappy

      > I don't see it selling

      And who told you you'll have a choice? Obviously restrictions aren't volunteered for, they are imposed: Once all CPUs have this Pluton module, in a year or two, you will be forced to use it, no matter if you want it or not.
