Windows to the future: Microsoft introduces new security chip

18 Nov 2020

Microsoft says its vision for the future of Windows PCs is security at the very core, built into the CPU.

AMD, Intel and Qualcomm sign up to fortify defenses of upcoming Windows devices


Microsoft announced a new processor that will revolutionise security on future Windows platforms, as it fortifies its countermeasures against the increasing threat and sophistication of cybersecurity attacks.

The Pluton processor, a chip-to-cloud security technology pioneered in the Xbox gaming console and Azure Sphere platform, will bring more security advancements to future Windows PCs. It was created in collaboration with Microsoft's biggest silicon partners, including AMD, Intel and Qualcomm, all of whom will provide future chips for Windows devices.

"The role of the Windows PC and trust in technology are more important than ever as our devices keep us connected and productive across work and life," Microsoft said in a statement to Khaleej Times.

Windows-based PCs remain the dominant platform in the global computing market, with an almost 80 per cent share at the end of July, according to Statista data.

The tech giant says more steps must be taken and that the industry should be ahead of cybercriminals: As computing systems and security advance, so do the methods used in trying to infiltrate it.

"While cloud-delivered protections and AI advancements to the Windows OS have made it increasingly more difficult and expensive for attackers, they are rapidly evolving, moving to new targets: the seams between hardware and software that can’t currently be reached or monitored for breaches."

Microsoft says its vision for the future of Windows PCs is security at the very core, built into the CPU, with the aim of "ultimately removing entire vectors of attack".

"This revolutionary security processor design will make it significantly more difficult for attackers to hide beneath the operating system, and improve our ability to guard against physical attacks, prevent the theft of credential and encryption keys, and provide the ability to recover from software bugs," it added.

Technical explainer

Operating system security on most PCs today lives in a chip separate from the CPU, called the Trusted Platform Module (TPM), a hardware component used to help securely store keys and measurements that verify the integrity of the system.

Given the effectiveness of the TPM at performing critical security tasks, attackers have begun to innovate ways to attack it, particularly in situations where an attacker can steal or temporarily gain physical access to a PC. These sophisticated attack techniques target the communication channel between the CPU and TPM, which is typically a bus interface.

The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs.

Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.

This is accomplished by storing sensitive data like encryption keys securely within the Pluton processor which is isolated from the rest of the system, helping to ensure that emerging attack techniques, like speculative execution, cannot access key material.

“Security is our top priority and we have been at the forefront of hardware security platform design to support features that help safeguard users from the most sophisticated attacks," said Mark Papermaster, chief technology officer and executive vice president for technology and engineering at AMD.

“The introduction of Microsoft Pluton into future Intel CPUs will further enable integration between Intel hardware and the Windows operating system," added Mike Nordquist, director of strategic planning and architecture of the business client group at Intel.

“We believe an on-die, hardware-based root-of-trust like the Microsoft Pluton is an important component in securing multiple use cases and the devices enabling them," said Asaf Shen, senior director of product management at Qualcomm.


Our Clients

WhatsApp chat