Header Ads

Breaking News

Microsoft Pluton will bring Xbox security to AMD, Intel, Qualcomm CPUs

Pluton, a technology Microsoft and AMD co-developed to prevent the Xbox from being hacked, will be added to Windows PCs via the CPUs themselves to provide additional security, the companies said Tuesday,

According to Microsoft, Pluton helps greatly eliminate the chance that the PC’s Trusted Platform Module (TPM) will be compromised. The TPM creates a root of trust, governing a number of critical functions within the PC: guaranteeing that it will securely boot with the trusted combination of hardware and software, for example, and securely update to trusted firmware. Windows’ BitLocker disk encryption system uses the TPM, as do other Windows components.

Traditionally, the TPM has existed outside of the processor, connecting to it via an external bus. Now it will be integrated within AMD, Intel, and Snapdragon CPUs itself—though when, and in which processors, remains very murky for now. What this means, however, is that there will be a third-party logic block built into an Intel Core or AMD Ryzen system-on-chip, which will create its own secured channel to Microsoft’s Azure service to manage trusted updates. Microsoft is also seizing the opportunity to manage your PC’s firmware updates, which sounds like it could mean that the firmware your motherboard and PC supplier provides could be replaced with Windows Update.

Pluton cannot completely secure your PC. But Microsoft says Pluton will dramatically improve how your laptop protects your data, even if the attacker has physical possession of your stolen laptop.

Microsoft pluton chip to cloud Microsoft

Microsoft’s Pluton tries to secure the PC from the chip to the cloud.

Pluton: From the Xbox to the PC

In 2003, AMD, Cisco, IBM, Intel, and Microsoft formed the Trusted Computing Group, which outlined the specifications to define the Trusted Platform Module. Those chips, produced by a variety of manufacturers, sit on a PC’s motherboard and communicate with the rest of the system via the SPC or LPI bus. This bus is the vulnerable component, provided the attacker has physical access to the laptop itself. An attacker with a logic analyzer could sniff the bus for what’s known as the Volume Master Key, and then use it to decrypt a Bitlocker-encrypted hard drive or SSD on a stolen laptop.

Pluton was implemented to prevent that. Instead of adding a TPM which communicates via an external bus to the CPU, the Pluton security processor becomes part of the CPU itself, as part of a system-on-a-chip design. (It’s not clear whether Pluton will be a logic block within the CPU die itself, or another discrete die that’s connected within the chip package. Referring to it as the “Pluton processor,” though, implies the latter.)

Pluton has already been proven out via two Microsoft projects: the Azure Sphere IoT device, and the 2013 Microsoft Xbox One console. The latter is the strongest argument for Pluton’s viability. 

As Tony Chen, Microsoft’s platform security architect, noted at Microsoft’s 2019 Bluehat conference, Windows security is devoted to protecting the Windows user from external attackers; Xbox security is designed to protect the console from the physical owners, some of whom may wish to crack the hardware to gain access to pirated games, or to cheat in online games. “Basically we start with the simple rule that we can trust the CPU die, but nothing else outside of it,” Chen said in his 2019 presentation about securing the Xbox.

Source Link

No comments