In November 2020, Microsoft introduced Pluton, a security processor that the company designed to thwart some of the most sophisticated types of hacking attacks. On Tuesday, AMD said it would integrate the chip into its upcoming Ryzen CPUs for use in Lenovo’s ThinkPad Z series of notebooks.
Microsoft has already used Pluton to protect Xbox Ones and Azure Sphere microcontrollers against attacks that involve people with physical access opening device cases and performing hardware hacks that circumvent security protections. Such hacks are usually done by device owners who want to run unauthorized games or programs to cheat.
Now, Pluton is evolving to protect PCs against malicious physical attacks designed to install malware or steal cryptographic keys and other confidential secrets. While many systems already have trusted platform modules (TPMs) or protections like Intel’s Software Guard Extensions (SGX) to protect such data, secrets remain vulnerable to various types of attacks.
One of those physical attacks involves attaching wires that tap the connection between a TPM and other components of the device and extracting the secrets that pass between them. Last August, researchers revealed an attack that took just 30 minutes to extract the BitLocker key from a new Lenovo computer preconfigured to use full disk encryption with a TPM, password-protected BIOS settings, and UEFI Secure Boot. The hack, which worked by sniffing the connection between the TPM and the CMOS chip, showed that locking down a laptop with the latest defenses isn’t always enough.
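The attack above succeeds because a volume protected by a TPM alone releases its key at boot with no user interaction, so the secret crosses the bus whether or not the owner is present. As an added example (not code from the article or from Microsoft), the following PowerShell inventories BitLocker protectors on a Windows host and flags volumes that rely on a TPM-only protector; it assumes the built-in BitLocker module, the `Get-Tpm` and `Confirm-SecureBootUEFI` cmdlets, and an elevated session.

```powershell
# Added example: report TPM / Secure Boot state and flag BitLocker volumes
# whose only pre-boot protector is the TPM (no PIN or startup key).
# Assumes Windows 8 / Server 2012 or later with the BitLocker module installed,
# run from an elevated PowerShell session.

$tpm = Get-Tpm
$secureBoot = $null
try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = 'unsupported' }

[pscustomobject]@{
    TpmPresent = $tpm.TpmPresent
    TpmReady   = $tpm.TpmReady
    SecureBoot = $secureBoot
} | Format-List

foreach ($vol in Get-BitLockerVolume) {
    # KeyProtectorType values include Tpm, TpmPin, TpmStartupKey,
    # TpmPinStartupKey, RecoveryPassword, ExternalKey and Password.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    $hasUserFactor = ($types -contains 'TpmPin') -or
                     ($types -contains 'TpmPinStartupKey') -or
                     ($types -contains 'TpmStartupKey')

    $finding = if ($vol.ProtectionStatus -ne 'On') {
        'NOT PROTECTED'
    } elseif (($types -contains 'Tpm') -and -not $hasUserFactor) {
        'TPM-only: key is unsealed automatically at boot'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Volume     = $vol.MountPoint
        Protection = $vol.ProtectionStatus
        Protectors = ($types -join ', ')
        Finding    = $finding
    }
}
```

Volumes reported as TPM-only are the configuration the researchers targeted; adding a PIN or startup-key protector (`Add-BitLockerKeyProtector -TpmAndPinProtector`) means the TPM will not release the volume key until the user supplies a second factor.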
A similar attack revealed three months later showed that it was possible to exploit a vulnerability (now fixed) in Intel CPUs to bypass a variety of security measures, including those provided by BitLocker, TPMs, and anti-copy restrictions. The attacks known as Spectre and Meltdown have also repeatedly highlighted the threat of malicious code extracting secrets directly from a CPU, even when the secrets are stored in Intel’s SGX.
A new approach
Pluton is designed to fix all of that. It is built directly into the CPU die, where it stores cryptographic keys and other secrets in a walled garden that is completely isolated from other system components. Microsoft has said that the data stored there cannot be removed even when an attacker has installed malware or has full physical possession of the PC.
One of the measures that makes this possible is a unique Secure Hardware Cryptography Key, or SHACK. A SHACK helps ensure that keys are never exposed outside of the protected hardware, not even to Pluton’s own firmware. Pluton will also be responsible for automatically delivering firmware updates through Windows Update. By tightly integrating hardware and software, Microsoft expects Pluton to seamlessly install security patches as needed.
“If I’m running an IT department in the office, I want people to run verified versions of Windows and Office applications and block as much as possible to prevent all kinds of malicious and unauthorized material,” said Joseph FitzPatrick, a hardware hacker and firmware security researcher at SecuringHardware.com. “Pluton is the hardware-enabled route to get there.”
He said Pluton will also prevent people from running software that has been modified without the permission of the developers.
“The benefit is that it makes x86 systems more secure and reliable by further enabling a walled garden approach,” said FitzPatrick. “The downside is the typical complaints about walled gardens.”
From the beginning, TPMs have had a fundamental limitation: they were never designed to protect against physical attacks. Over time, Microsoft and others began using the TPM as a place to more securely store BitLocker keys and similar secrets. The approach was much better than storing keys on disk, but as the researchers have shown, it was barely enough.
Eventually, Apple and Google introduced the T2 and Titan chips to improve things. The chips provided some guarantee against physical attack, but both were essentially bolted onto existing systems. Pluton, on the other hand, is built directly into the CPU.
The security chip can be configured in three ways: as the TPM device, as a security processor used in non-TPM scenarios such as platform resilience, or as something that PC manufacturers turn off prior to shipment.
ThinkPad Z series laptops equipped with Pluton-integrated Ryzens start shipping in May. Microsoft says the ThinkPad Z13 and Z16 models that use Pluton as the TPM will help protect Windows Hello credentials by further isolating those credentials from attackers.