What is microsoft pluton ?

[Nethet]

Hey guys !

 

I just wached this video on LTT : AMD announces its STRANGEST CPU yet, and I found out that microsoft pluton (announced in november 2020) will be in mainstream Ryzen mobile 6000 CPUs, and a lot of questions went throught my mind.

 

The only thing I understood about this is that it's meant to be a security module (or maybe some kind of SoC), that prevents physical attacks by beeing inside the processor itself. This is to prevent very specific attacks on TPM buses,where the h4ck3r manipulates the buses on the motherboard to bypass the TPM. This technology will be in AMD, Qualcomm and Intel chips in near future.

 

But how did a software development company convice the 3 largest chip manufacturers to integerate their security module inside consumer chips ? (I know it was in testing on Azure for a long time but it's definitely not the same usecase)

 

What does this mean for linux users if pluton is everywhere, because the firmware updates are supposed to be installed throught windows update ? (Do you need to desactivate secure boot definitively and won't be able to use this technology at all, which means that there will be no on board security ?)

 

Do you think this technology is usefull in mainstream chips or has it been forced on manufacturers by microsoft to assert its dominance on the market ?

Spoiler

(or worse to be a backdoor for the CIA)

 

Is it fair that microsoft is imposing its operating system on a harware level ?

 

It may be a bit early to awnser all this question but I find all this kinda sus. 

 

[AndreiArgeanu]

The Microsoft Pluton processor basically looks like the T2 chips found in Apple's devices since 2018 so the quirks that apply to it also probably apply to this. So you will probably need to deactivate secure boot just like you have to on a Mac to install and probably even run Linux though that is just a speculation and we'll have to wait until a device equipped with the technology will be released to see.

[Quackers101]

not sure about this, but wasn't it something about being stored on the hardware itself, like certain IDs etc. might have mixed it with something else.

[Sn1ff]

this is extremely concerning for several reasons.

not only are updates to be distributed through windows update, a large concern for non-windows users, but there's a lot of what-ifs that have yet to be addressed. what happens when support for this ends? do we just have an out of date piece of software with full hardware access to our pc? what happens if the update gets compromised, and there's undetectable and indelible malware with full control over everyone's computers?

 

and of course, the elephant in the room: why should we trust microsoft with this? we already know they're not to be trusted with our personal information, and now we're supposed to allow them to have a second processor within our own, capable of "chip-to-cloud", giving microsoft effectively full access to our computers??

 

this entire thing sounds like intel's management engine and amd's platform security processor on steroids.

[Zomeguy]

My first thought was Microsoft updates haven't been the greatest experience. Not to mention all the things Sn1ff mentioned.