Understanding the Microsoft Pluton security processor for Windows 11



 Windows IT Pro Blog:

Earlier this year, we announced that the Microsoft Pluton security processor (Pluton) will be enabled by default on all Copilot+ PCs. With new Pluton devices manufactured by our rich ecosystem of PC partners, we're taking this opportunity for a deep dive into this foundational technology and how it will continue to evolve.

What is Pluton?

The Microsoft Pluton security processor is a secure, flexible, and updateable hardware foundation for Windows 11. When Microsoft initially announced Pluton in 2020 along with our silicon partners, we described the security benefits and protections that Pluton can bring to devices. Since then, we’ve been working with our silicon and device partners to broaden Pluton's presence in the PC market. The Pluton security processor is an example of the Microsoft Secure Future Initiative (SFI) commitments in action: make Windows more secure by design, by default, and in operation.

Operating on dedicated hardware on the CPU system-on-chip (SoC), Pluton helps provide additional protection for sensitive assets like credentials and encryption keys. Pluton also receives its firmware and feature updates directly from Microsoft, simplifying management and delivering ongoing protection to help defend against current and future threats while adhering to safe rollout and deployment practices.

Pluton architecture—an overview

For Pluton to work, three elements need to come together: hardware, firmware, and software. These elements function in unison, as shown in the diagram below:

Diagram of pluton architecture


Architecting for security today and in the future

As we planned for the next wave of Pluton devices, we recognized two major inputs from when Pluton was first envisioned:
  • In 2019, Microsoft security research data showed that ~70% of the vulnerabilities Microsoft assigned a Common Vulnerability and Exposure (CVE) for were memory safety problems. We anticipated that memory safety would become even more critical for customers given the expected trendlines from the threat landscape. The 2023 advisory from the US government’s Cybersecurity & Infrastructure Security Agency (CISA) has highlighted the urgent need for memory safety in software products, which has added additional focus and urgency to address the threat.
  • Customers expected to use their Windows devices for longer and therefore wanted their devices to reliably update for the life of their device. In line with this trend, Microsoft announced in 2023 that new Surface devices would receive at least six years of driver and firmware updates from the date of general availability, instead of the previous minimum of four years.
These observations prompted us to ask this key question: What should we be doing to build a security processor to help keep customers safe the day they purchase a device and for the full lifetime of the device?

Updateability had been a fundamental goal since the inception of our Pluton journey. To help ensure Pluton’s resilience over many years, it needed to be built on a memory-safe platform. This approach allows the security processor, included with devices like Copilot+ PCs in 2024, to be updated and remain more resilient against the rapidly changing threat landscape, while remaining performant years into the future. This led to a major architectural shift for Pluton where we took the first substantial steps in using Rust for the security processor firmware.

Incorporating Rust as the foundation of our Pluton security processor firmware with Tock OS

After carefully evaluating multiple approaches, including building a fully custom solution from scratch, we decided to use Tock OS as the Rust-based foundation for Pluton. The Tock OS kernel is fully written in the Rust programming language and has a small but active open-source community.

Tock OS forms the common basis of the Pluton firmware, with hardware support implemented for each architecture with drivers and hardware interface libraries (HILs). Customer-facing functions, such as the Trusted Platform Module (TPM) firmware on supported platforms, are implemented as Tock user-mode apps on top of the Tock kernel.

Diagram of pluton firmware architecture


We recognize building security solutions is a team sport. The Tock OS community has been incredible to work with, and we did not want to use Tock OS without giving back to that community. As part of our work with Tock, we are excited to highlight two recent contributions the Pluton team has made:
  • At the TockWorld 7 conference in June 2024, Bobby Reynolds and Gustavo Scotti from the Pluton team presented a session “Porting Tock to x86 for Pluton.”
  • To support Pluton on the Intel® Partner Security Engine (IPSE) hardware, we added support for the x86 architecture to Tock.
These changes are publicly available and have been submitted for upstream review and future inclusion into Tock: Port Kernel to x86 Architecture by reynoldsbd · Pull Request #4171 · tock/tock (github.com).

Copilot+ PCs on AMD Ryzen™ AI and Intel® Core™ Ultra processors (Series 2) are the first Pluton platforms to be released with our new Rust-based core. We greatly appreciate the partnership with both AMD and Intel as we collaborate on this pioneering effort.

Robust hardware designed to reduce attack surface

At the hardware layer, Pluton operates directly on a dedicated hardware security processor that is embedded in the larger SoC. While each CPU silicon provider implements the hardware for the security processor, the architecture is consistent for all Windows 11 PCs. The hardware security processor has its own microcontroller core, which starts from its own read-only memory (ROM) and then loads the integrity-verified Pluton firmware into dedicated static random-access memory (SRAM) and executes it.

A key design point is to isolate the Pluton security processor silicon from the SoC’s central processing unit (CPU) cores and other hardware. This approach was taken to address the hardware attacks that have come to light over the last few years and to reduce the attack surface of critical security and cryptographic operations. This involves different trade-offs between performance and security than what is required for the main CPU. For example, any cache-based side channel attacks aimed at the main system dynamic random-access memory (DRAM) cannot extract information from the Pluton SRAM. The main CPU cores can only communicate with Pluton through a dedicated security hardened hardware interface, thereby reducing the attack surface on Pluton.

In addition to a dedicated microcontroller, ROM, and SRAM, Pluton has its own security-focused hardware—for example, a random number generator (RNG), accelerators for cryptographic algorithms such as hashing (SHA-2), symmetric encryption (AES), asymmetric encryption (RSA and ECC), and others. This helps ensure that security-sensitive operations such as creating and using cryptographic keys happen within the Pluton hardware boundary and cannot be accessed or interfered with by the main CPU. It also helps deliver optimum performance for these operations.

The Pluton hardware design is meant to complement existing hardware and firmware security capabilities in the larger system. Capabilities like UEFI Measured Boot, System Guard secure launch, and memory integrity continue to help provide the necessary protection for code executing on the CPU cores.

The Pluton security processor does not control or intercept execution of any code on the CPU cores; for example, Pluton does not control what operating system runs on the machine. Pluton is subject to Input-Output Memory Management Unit (IOMMU) restrictions like other devices. Secured-core PCs enable kernel DMA protection which enforces isolation for devices on the system including Pluton. The Pluton security processor can secure cryptographic material like keys and measurements, and it can perform operations on stored information isolated from any code running on the CPU cores. This property makes it ideal for the primary purpose of Pluton—helping protect cryptographic secrets from attackers—which helps ensure, for example, that user data is owned by the user, or that their identity in the system remains theirs.

In addition to the common components mentioned above that exist in all Pluton security processors, Microsoft also works with our silicon partners to integrate some of the most advanced hardware security technologies into their respective Pluton security processor designs. This helps those partners add additional security capabilities unique to their chips—such as innovations in protection against fault injection and side channel attacks—and achieve security certification. As a result, the Pluton hardware layer will continue to evolve with cutting-edge technology from the broader industry.
  • The AMD Ryzen™ 6000 Series pioneered Pluton capabilities, and customers can learn more about the hardware from its recently secured FIPS 140-3 certification. Copilot+ PCs launched this year on the AMD Ryzen™ AI 300 Series also include Pluton support.
  • Intel® Core™ Ultra processors (Series 2) for Copilot+ PCs include the Intel® Partner Security Engine (IPSE). This supports Pluton capabilities with hardware-based security isolation from the CPU and within the SoC.
  • Copilot+ PCs powered by the Snapdragon® X Series are equipped with the Qualcomm® Secure Processing Unit (SPU), which allows Pluton functionality to be implemented as secure apps running in an independently high-assurance security enclave. Learn more about Snapdragon processors.

Firmware renewability ensures strong protection and reliability

The Pluton firmware layer makes use of the hardware layer to help provide higher level security functionality needed for various scenarios by the operating system, application platform, or system firmware.

As with other security critical code developed by Microsoft, the Pluton firmware follows strict firmware security best practices, including strong code integrity protections to help protect against unauthorized code execution, and roll-back protection to prevent loading old, vulnerable versions of the firmware.
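The roll-back protection described above can be sketched as a load policy. This is an added example, not Pluton firmware code or anything from the original post: the header layout, type names and function names are hypothetical, and the integrity check is assumed to have been performed elsewhere and passed in as a flag.

```rust
// Added illustration of rollback protection; not Pluton firmware code.
// Every type and function name here is hypothetical.

/// Fields a loader reads from a candidate firmware image (constructed layout).
#[derive(Debug, Clone, Copy)]
pub struct ImageHeader {
    pub security_version: u32, // raised when a release fixes a vulnerability
    pub signature_valid: bool, // outcome of the integrity check, done elsewhere
}

#[derive(Debug, PartialEq)]
pub enum LoadError {
    BadSignature,
    RolledBack { image: u32, minimum: u32 },
}

/// Stands in for a monotonic counter held in tamper-resistant storage.
pub struct RollbackCounter { minimum: u32 }

impl RollbackCounter {
    pub fn new(minimum: u32) -> Self { Self { minimum } }
    pub fn minimum(&self) -> u32 { self.minimum }
    // The floor only moves forward; a lower value is ignored.
    fn advance_to(&mut self, v: u32) { self.minimum = self.minimum.max(v); }
}

/// Load decision. Reads state only, so a rejected image changes nothing.
pub fn check_image(h: &ImageHeader, c: &RollbackCounter) -> Result<(), LoadError> {
    // Integrity first: the version field of an unverified image is untrusted.
    if !h.signature_valid { return Err(LoadError::BadSignature); }
    // Equal versions pass, so the current release can be re-flashed.
    if h.security_version < c.minimum() {
        return Err(LoadError::RolledBack { image: h.security_version, minimum: c.minimum() });
    }
    Ok(())
}

/// Raise the floor only after the new image has booted, so a failed update
/// can still fall back to the previous release.
pub fn commit_boot(h: &ImageHeader, c: &mut RollbackCounter) -> Result<(), LoadError> {
    check_image(h, c)?;
    c.advance_to(h.security_version);
    Ok(())
}

fn main() {
    let mut counter = RollbackCounter::new(3);
    let update = ImageHeader { security_version: 5, signature_valid: true };
    println!("{:?}", commit_boot(&update, &mut counter));
    let old = ImageHeader { security_version: 3, signature_valid: true };
    println!("{:?}", check_image(&old, &counter));
}
```

Checking integrity before reading the version keeps an unverified image from advancing the counter and locking out legitimate releases.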

Pluton firmware that runs on a particular silicon’s Pluton hardware utilizes advanced hardware features when available, further hardening the system against attacks. For example, Pluton firmware uses any memory protection hardware available on the hardware layer to further protect the firmware’s own SRAM. It utilizes the hardware key storage (if available) to further help protect keys so that compromised firmware cannot extract secret key information. While Pluton firmware can take advantage of different hardware capabilities, it maintains a consistent interface to the software layer, so the software that interacts with Pluton won’t need to change.

Pluton drivers, OS features, and applications running on Windows 11

The Pluton software layer consists of the normal operating system and driver support for the Pluton security processor and associated functionality. The Pluton driver or TPM driver native to the Windows OS automatically determines how to interact with a specific configuration of Pluton. The Pluton functionality is abstracted away from the higher software layers and applications, and the underlying framework automatically leverages Pluton when available. Our goal is to help build end-to-end security workflows and experiences that have the most robust fundamentals around reliability and built-in serviceability that facilitates continuous improvement.

Supported Pluton configurations

To support the diverse needs of the wide Windows ecosystem, there are a variety of configurations that Windows original equipment manufacturers (OEMs) can choose from to meet the needs of different customers:
  • Pluton can be used as a security processor alongside a discrete TPM 2.0 device. Pluton can provide security capabilities rooted in hardware that can help harden existing Windows security features and enable new security capabilities on supported hardware with future updates.
  • Pluton can also be configured as a TPM 2.0 on supported systems. Windows 11 uses TPM 2.0 functionality in features like BitLocker and Windows Hello to protect the cryptographic materials that are used to protect user data and identities. Pluton conforms to the Trusted Computing Group (TCG) TPM 2.0 specification, and OEMs have the option to use Pluton as the TPM for the system or to expose UI in the BIOS settings on the device that allow the customer to choose Pluton or another TPM option if present for their device.
More information on configurations and hardware details for specific SoCs and PC models are available from silicon partners and/or OEM documentation.

Introducing the Pluton key storage provider

We're aiming to add new software functionality that extends Pluton security features and provides the latest protection from the evolving threat landscape. The first addition, to be delivered with future updates, will be a key storage provider (KSP) for Pluton that is enabled even if Pluton is not the configured TPM. This will help make Pluton’s cryptography capabilities available to the Windows system and applications using APIs that are familiar to Windows developers. In addition to the security properties of Pluton, applications integrating with security hardware will benefit from friendlier developer behavior around how keys are managed across different scenarios. This includes relatively uncommon but important events like firmware upgrades and PC reset. As one example, there are no interfaces to remove keys inadvertently—operations like clearing keys would be performed by the application managing the keys or by a system action that is intuitive to the end user and that developers are accustomed to accounting for like PC reset. The Microsoft Entra and Microsoft Intune teams are integrating protection for their client components with the Pluton KSP. Future updates to Copilot+ PCs will enable the Pluton KSP and associated functionality on capable hardware.

Learn more about Windows Security

The updated Windows Security book is available to help you understand how to stay secure with Windows. Learn more about Windows 11 and Copilot+ PCs.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

