AMD introduced the Ryzen 6000 series Rembrandt processors with the CES 2022 event. Apart from the technical specifications, it has been announced that Microsoft Pluton technology is used on this platform. Pluton aims to protect you from firmware attacks while on the go with your laptop, while providing stronger security, mainly to prevent physical attacks and encryption key theft.
While this technology is first released on Xbox and AMD’s EPYC data center processors, it will join other security features such as AMD Secure Processor and Memory Guard.
As businesses continue to evolve and experience digital transformations, security remains a top concern. It has been reported that there has been a 150% increase in ransomware attacks over the past year. There are 579 password attacks every second, and there has been a 667% increase in phishing attacks since March 2020.
The protections provided on the cloud side and the security measures in the Windows operating system are constantly being improved. On the other hand, attack methods that target the ports between hardware and software and sensitive information such as encryption keys and credentials in a device’s firmware continue to evolve. The Microsoft Security Signals 2021 survey revealed that not only software but also hardware is important to protect against 80% emerging threats.
The emerging threat today requires special solutions to protect every layer of computing, from chip to cloud systems. Microsoft, on the other hand, introduced PCs with secure cores, the Windows 11 operating system, and the Microsoft Pluton security processor to offer this protection.
By integrating sensitive data such as Pluton encryption keys into a device’s CPU die, Microsoft makes it extremely difficult for attackers to access the data and ensures that data is stored securely within the hardware. The security processor was first used on Xbox and Azure Sphere. This design helps prevent emerging hacking techniques from gaining access to important material.
Lenovo has recently announced a Microsoft Pluton powered laptop powered by AMD Ryzen 6000 series processors. The new Lenovo device offers new hardware security features for Windows customers, including:
Chip-to-Cloud Security Updates
The software of the Pluton security processor can be updated via Windows Update along with standard industry checks. Tightly integrated hardware and software help protect against vulnerabilities by adding additional visibility and control, while providing an innovation platform that enables customers to leverage new features in future versions of Windows that leverage Pluton hardware and are adaptable to changes in the threat landscape with this design.
Physical Attack Resistance
Microsoft Security Signals 2021 research showed that the 70% are more concerned about the risk of device theft when switching to hybrid operation. Despite the attacker’s full physical possession of the computer, the AMD Security Processor and Pluton work together to eliminate the attack vector that physical attackers can exploit. In addition, these chips are designed to coexist in AMD silicon.
Pluton’s flexible and reliable platform aims to help improve security in a range of scenarios that benefit everyday users, small businesses and large commercial enterprises. To respond to customers’ needs, Microsoft has configured Pluton in three ways: as a Trusted Platform Module, as a security processor used for non-TPM scenarios such as platform flexibility, and systems where Pluton is disabled by OEMs.
As for devices like the Lenovo ThinkPad Z13 and Z16, when Pluton is configured as TPM 2.0 for a Windows 11 system, the chip can help protect Windows Hello credentials by further isolating them from attackers. Device encryption can use Pluton when configured as a TPM to securely protect encryption keys from physical attacks and help protect data from prying eyes. The flexibility of Pluton and the innovation powered by Microsoft’s ecosystem partners will allow the hardware security features powered by Pluton to be used for scenarios beyond TPM.
The first example of such a scenario was developed in close partnership with multiple OEMs. Windows will use Pluton to provide end users and IT administrators with greater visibility into the state of the platform and securely integrate with other hardware security components in the system.
Windows OEMs work closely with commercial customers to ensure their device security needs are met. OEMs assemble many components, from the chassis to the motherboard and attached peripherals. Thus, they have an important position in building systems by considering all factors, including security.
Together with its largest silicon partners, Microsoft has introduced a new vision to ensure security. Collaborating with leading silicon partners AMD, Intel and Qualcomm Technologies, the company developed the Microsoft Pluton security processor. The security technology used by Xbox and Azure Sphere will bring further security enhancements to future Windows PCs.
The emerging vision for the future of Windows PCs is based on chips tightly integrated into CPUs, designed to eliminate all means of attack on the hardware and software side. This revolutionary security processor design will make it significantly harder for attackers to hide under the operating system and improve its ability to protect against physical attacks. It will also provide the ability to recover from software bugs while preventing theft of credentials and encryption keys.
Most computers today rely on a chip called the Trusted Platform Module (TPM), which is separate from the CPU. TPM is a hardware component used to help securely store keys and metrics that verify the integrity of the system. TPMs have been supported on Windows for over 10 years and power many critical technologies such as Windows Hello and BitLocker.
As the TPM chip performs critical security tasks, attackers have also begun devising methods to attack the TPM, especially when it can temporarily gain physical access to a PC. Sophisticated attack techniques typically target the communication channel between the CPU and the TPM, a bus interface. This bus interface provides the ability to share information between the main CPU and the security processor, but also provides an opportunity for attackers to steal or modify information in transit using a physical attack.
The Pluton design builds the security ecosystem on the CPU, eliminating the potential for this communication channel to be hacked. Windows PCs using the Pluton architecture will first emulate a working TPM with existing TPM features and APIs, allowing customers to instantly take advantage of enhanced security for TPM-based Windows features such as BitLocker, System Guard.
Windows devices with Pluton use the Pluton security processor to protect credentials, user IDs, encryption keys and personal data. None of this information can be removed from Pluton, even if an attacker has installed malware or has full physical ownership of the PC.
Pluton also offers a premium level of security for Windows customers with its unique Secure Hardware Encryption Key (SHACK) technology that helps ensure keys are not exposed outside of the protected hardware, not even the Pluton firmware itself.
Another major security issue solved by Pluton is keeping the system firmware up-to-date across the entire PC ecosystem. Users today receive security firmware updates from a variety of sources that can be difficult to manage, resulting in common patching issues. Pluton, on the other hand, provides a flexible, updatable platform to run firmware that implements end-to-end security functionality written, maintained and updated by Microsoft. For Windows computers, Pluton will be integrated with the Windows Update process as Azure Sphere Security Service connects to IoT devices.
The Pluton design was introduced by Microsoft in partnership with AMD as part of the integrated hardware and operating system security features on the Xbox One console, released in 2013. At the same time, it started to be used by Azure Sphere. Adding Microsoft’s IP technology directly to the CPU silicon helped protect against physical attacks, prevent keys from being discovered, and provide the ability to recover from software bugs.
Tech giants like AMD, Intel, and Qualcomm continue to work with Microsoft to improve security on devices. Microsoft, on the other hand, believes processors with built-in security like the Pluton are the future of computing hardware. The built-in security system provided by Pluto will soon be rolled out to more tech devices.