Microsoft’s attempt to put its homegrown Pluton security processor architecture into third-party Windows 11 PCs is right now more work-in-progress than the slam dunk its publicity would have you believe.
Pluton is the software giant’s move to define a level of security that should be baked into microprocessors that run its Windows OS. Pluton implementations are supposed to securely store and safeguard encryption keys, credentials, and other sensitive information, such as biometric data, within the processor package, making it difficult for miscreants to extract this info.
Microsoft announced Pluton in November 2020 in conjunction with Intel, Qualcomm, and AMD; the trio’s chips were expected to implement Pluton as an embedded co-processor. Indeed, all three were publicly very excited about the whole affair. However, despite all that publicity and hype, reality isn’t quite in alignment.
Intel isn’t putting Pluton in its newest PC microprocessors, its 12th-generation Core family code-named Alder Lake, which started appearing in laptops this month.
“Intel’s 12th Gen platforms do not support Pluton,” an Intel spokesman told The Register this week.
Instead, the semiconductor manufacturer is offering its own suite of security defenses within Alder Lake, a technology dubbed Platform Trust Technology. This provides a Trusted Platform Module 2.0, which is a prerequisite for Windows 11 PCs, meaning the OS will run as normal.
Intel told us PTT has been tested in billions of devices already. That’s because Intel has shipped chipsets with PTT for years as a way of bringing TPM-level capabilities to systems. Intel dominates the x86 PC market, where it has a 74 per cent market share, while AMD has 26 per cent.
Lenovo this week announced new ThinkPads powered by Intel and AMD parts. A Lenovo spokesperson told The Register these Intel-based ThinkPads “will not support Microsoft Pluton at launch.”
ThinkPads coming this year with AMD Ryzen 6000 processors will have Pluton inside, but it “will be disabled by default on 2022 Lenovo ThinkPad platforms,” a Lenovo spokesperson previously told The Register. AMD included Pluton in its Ryzen 6000 family, introduced in January, and is providing the option for users to turn it on and off.
Lenovo also introduced the ThinkPad X13s Windows 11 laptop, which has Qualcomm’s Arm-based Snapdragon 8cx Gen3 system-on-chip. This processor integrates Microsoft’s Pluton TPM.
A Dell spokesperson declined to comment on whether it would include Pluton in its upcoming PCs, saying “the company is evaluating options.” HP did not return requests for comment.
To be clear, Pluton isn’t a requirement for running Windows 11. Pluton – which can act as a TPM baked onto the processor die – is supposed to, for one thing, stop people from sniffing secrets transferred across a motherboard bus, and instead keep that data within the processor chip.
Pluton’s origins can be traced back to a hardware security layer in the Xbox family. Microsoft’s efforts to push its own CPU-level security architecture inside PCs raised concerns it was locking equipment exclusively to Windows 11. Chip makers have clarified that users will be able to install Linux and any other compatible OS on their PCs whether they have Pluton or not.
A Microsoft spokesperson told The Register Pluton was developed with processor makers with a long-term vision to improve security all the way down to the chipset level. As such, it will take time for Pluton to show up in silicon, we’re told. Which is understandable given the timescales involved in developing and fabricating state-of-the-art microprocessors, though people may not have had that impression from Pluton’s launch.
“As with any novel hardware technology, adoption is based on roadmap, supply chain, and unique customer needs so implementation takes time – similar to adoption of USB 4, TPM 2.0, etc,” the Microsoft spokesperson said in an email.
Apple has also integrated its own security chip called T2 in Macs, while Google is using its Titan security silicon in its Pixel devices.
Microsoft is instead relying on the ecosystem and its partners to drive adoption. The intent of Pluton was to provide choice to customers, and it can be offered with or without a third-party TPM 2.0 chip, the Microsoft spokesperson said.
“As the threat landscape continues to evolve, this integration of hardware and software enables the ecosystem to update and dynamically add new security capabilities to hardware through Windows Update,” the spokesperson said.