In November 2020, Microsoft unveiled Pluton, a security processor the company developed to thwart some of the most sophisticated types of hack attacks. On Tuesday, AMD said it would incorporate the chip into its upcoming Ryzen CPUs for use in Lenovo’s ThinkPad Z laptops.
Microsoft has already used Pluton to protect Xbox One and Azure Sphere microcontrollers from attacks that involve people with physical access opening device cases and performing hardware hacks that bypass security measures. Such hacks are usually carried out by device owners who want to run unauthorized games or programs to cheat.
Now Pluton is evolving to protect PCs from malicious physical hacks designed to install malware or steal cryptographic keys and other sensitive secrets. While many systems already have trusted platform modules or protective measures such as Intel’s Software Guard Extensions to keep such data safe, the secrets remain vulnerable to various types of attack.
One such physical attack involves attaching wires that tap the connection between a TPM and other device components and extract the secrets that pass between them. Last August, researchers revealed an attack that took only 30 minutes to extract the BitLocker key from a new Lenovo computer that was preconfigured for full-disk encryption with a TPM, password-protected BIOS settings, and UEFI Secure Boot. The hack, which worked by sniffing the connection between the TPM and the CMOS chip, showed that locking down a laptop with the latest defensive measures is not always enough.
A similar attack, revealed three months later, showed that it was possible to exploit a (now fixed) vulnerability in Intel CPUs to defeat a variety of security measures, including those provided by BitLocker, TPMs, and anti-copying restrictions. Attacks known as Spectre and Meltdown have also repeatedly underscored the threat of malicious code that pulls secrets straight out of a CPU, even when those secrets are stored in Intel’s SGX.
A new approach
Pluton was designed to fix all of that. It’s built right into a CPU die where it stores crypto keys and other secrets in a walled garden that is completely isolated from other system components. Microsoft has stated that the data stored there cannot be removed even if an attacker has installed malware or has full physical possession of the PC.
One of the measures that make this possible is a unique Secure Hardware Cryptography Key, or SHACK. A SHACK helps ensure that keys are never exposed outside of the protected hardware, not even to the Pluton firmware itself. Pluton is also responsible for automatically delivering firmware updates via Windows Update. With this tight integration of hardware and software, Microsoft expects Pluton to install security patches seamlessly as needed.
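As an added illustration, not code from the article, Microsoft or AMD, the following Python model contrasts the two key-handling designs the article describes: a discrete TPM that unseals a key and returns it in plaintext over a bus that a probe can tap (the BitLocker attack above), and a SHACK-style store where the key is generated inside the chip and only a handle and the results of operations ever cross the boundary. The bus tap, the two chip classes and the HMAC operation are constructed toy stand-ins; real TPM and Pluton interfaces differ.

```python
"""Constructed model (not Microsoft's or AMD's code) contrasting a discrete TPM that
returns an unsealed key over a sniffable bus with a Pluton-style key store whose
keys never leave the die.  Every name, frame and key below is invented."""
import hashlib
import hmac
import secrets


class BusTap:
    """Passive recorder standing in for the probe wires described in the article."""

    def __init__(self):
        self.frames = []  # (direction, payload) pairs observed on the bus

    def record(self, direction, payload):
        self.frames.append((direction, bytes(payload)))

    def saw(self, secret):
        """True if the secret appeared verbatim inside any captured frame."""
        return any(secret in payload for _, payload in self.frames)


class DiscreteTpm:
    """Traditional model: the chip unseals a key and hands the plaintext back to the host."""

    def __init__(self, bus):
        self.bus = bus
        self._sealed = {}

    def seal(self, key):
        blob = secrets.token_bytes(16)  # opaque reference the host keeps on disk
        self._sealed[blob] = key
        return blob

    def unseal(self, blob):
        key = self._sealed[blob]
        self.bus.record("tpm->host", key)  # the plaintext key crosses the bus here
        return key


class InDieKeyStore:
    """Pluton-style model: keys are born inside and only handles and results cross out."""

    def __init__(self, bus):
        self.bus = bus
        self._keys = {}

    def generate_key(self):
        handle = secrets.token_bytes(8)
        self._keys[handle] = secrets.token_bytes(32)  # never leaves this object
        self.bus.record("chip->host", handle)
        return handle

    def mac(self, handle, message):
        """Compute an HMAC inside the chip; the host sees only handle, message and tag."""
        self.bus.record("host->chip", handle + message)
        tag = hmac.new(self._keys[handle], message, hashlib.sha256).digest()
        self.bus.record("chip->host", tag)
        return tag

    def verify(self, handle, message, tag):
        return hmac.compare_digest(self.mac(handle, message), tag)


def run_comparison():
    """Return (tpm_key_observed, in_die_key_observed) after one exchange with each design."""
    # Discrete TPM: the host seals a volume key, then asks for it back at boot.
    tap = BusTap()
    tpm = DiscreteTpm(tap)
    volume_key = secrets.token_bytes(32)
    blob = tpm.seal(volume_key)
    assert tpm.unseal(blob) == volume_key
    tpm_observed = tap.saw(volume_key)

    # In-die store: the host never holds the key, it asks the chip to use it.
    tap2 = BusTap()
    chip = InDieKeyStore(tap2)
    handle = chip.generate_key()
    tag = chip.mac(handle, b"boot measurement")
    assert chip.verify(handle, b"boot measurement", tag)
    # The tap is handed the secret only so the test can confirm it never appeared.
    in_die_observed = tap2.saw(chip._keys[handle])
    return tpm_observed, in_die_observed


if __name__ == "__main__":
    print(run_comparison())  # (True, False): only the discrete TPM leaks its key to the tap
```

The point the model makes is the architectural one from the article: a discrete TPM's security ends where the bus begins, because its job is to release the unsealed key to the host, whereas an in-die store can keep the key as a handle-only object and perform the cryptography itself, so a probe on the interconnect sees handles, messages and tags but no key material.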
“When I run an IT department in the office, I want people to run verified versions of Windows and Office apps and lock them down as much as possible to prevent all kinds of malicious and unauthorized things,” said Joseph FitzPatrick, a hardware hacker and firmware security researcher at SecuringHardware.com. “Pluton is the hardware-supported way to get there.”
He said Pluton will also prevent software from running that has been modified without the developers’ permission.
“The benefit is that x86 systems become safer and more reliable by further enabling a walled garden approach,” said FitzPatrick. “The downside is the typical complaints about walled gardens.”
From the start, TPMs had one fundamental limitation – they were never designed to protect against physical attack. Over time, Microsoft and others began using TPMs as a place to more securely store BitLocker keys and similar secrets. The approach was far better than storing keys on disk, but researchers have shown it was barely sufficient.
Eventually, Apple and Google introduced the T2 and Titan chips to make things better. The chips offered some guarantee against physical attack, but both were essentially bolted to existing systems. Pluton, on the other hand, is integrated directly into the CPU.
The security chip can be configured in one of three ways: as a device TPM, as a security processor used in non-TPM scenarios, e.g.
ThinkPad Z series notebooks equipped with Pluton-integrated Ryzens will start shipping in May. Microsoft said ThinkPad Z13 and Z16 models using Pluton as the TPM help protect Windows Hello credentials by further isolating those credentials from attackers.