Microsoft Pluton Security Processor for Windows 11 and Enhancements

Let’s learn about the Microsoft Pluton Security Processor for Windows 11 22H2. Intel’s Trusted Platform Module (TPM) is a good platform for improving security by creating a Secure Enclave like Critical System Information, encryption keys, etc.; however, now it has a successor named Microsoft’s Pluton Security Processor.

The security of your data is very necessary nowadays, providing better protection to protect our system from sophisticated cyberattacks or supply chain attacks. Cyberattacks or other malicious activity harm the system software and attack the hardware section. Microsoft Pluton helps to defend itself from these types of attacks.

Microsoft Pluton Security is a hardware chip-based system to protect your device’s information from being attacked and crashed. In this Generation, security is described as a layered approach, a combination of security technologies.

The processors with built-in security (Microsoft Pluton) are the future of computing hardware. Microsoft Pluton is developed with PCs and makes them more secure than ever.

Patch My PC
Microsoft Pluton Security Processor for Windows 11 and Enhancements - Fig.1
Microsoft Pluton Security Processor for Windows 11 and Enhancements – Fig.1

What is Microsoft Pluton Security Processor

Microsoft Pluton Security Processor is designed by Microsoft and built by silicon partners. It is a secure crypto-processor built into the CPU for security at the core. Pluton chip bases security is to ensure code integrity and the latest protection with updates via Windows Update.

Microsoft Pluton protects credentials, identities, personal data, and encryption keys. Information is hard to remove even if an attacker has installed malware or has complete physical possession of the PC.

Adaptiva

The Microsoft Pluton security processor is a chip-to-cloud security technology built with Zero Trust principles at the core. Microsoft Pluton is a hardware chip on the CPU. It, like TPM chips, can store protected data in an isolated way, protecting it from hackers being stolen or misusing sensitive data and cryptographic information.

Microsoft Pluton Security Processor for Windows 11 and Enhancements - Fig.2 (Source- Microsoft)
Microsoft Pluton Security Processor for Windows 11 and Enhancements – Fig.2 (Source- Microsoft)

Microsoft Pluton Security Processor technology combines a secure subsystem that is part of the System on Chip (SoC) and Microsoft-authored software that runs on this secure integrated subsystem. Microsoft pluton chip-based security started working in 2013 with Xbox console as well as Azure Sphere for connected devices.

Microsoft announced pluton tech for PCs in November 2020; however, in 2022, it came into force with actual devices. It is an integrated security chip that provides a secure identity for the CPU.

Microsoft Pluton is now available with Ryzen 6000 and Qualcomm Snapdragon 8cx Gen 3 series processors. Suppose a processor with the capacity to run pluton on windows 11 version 22H2 can be enabled in the device.

How Does Microsoft Pluton Security Works

The Pluton built into your process or the system can better guard sensitive data such as encryption keys, credentials, and user identities. Enable isolating important information from the rest of the system. It includes Secure Hardware Cryptography Key (SHACK) technology.

The idea with SHACK is that secure keys are never exposed outside the protected hardware. Pluton security subsystem consists of layers such as Hardware, Firmware, and Software.

As per Microsoft, Pluton can be configured as the Trusted Platform Module, as a security processor used for a non-TPM system like flexible with the platform, or OEMs can choose to turn off Pluton. The security architecture is shown in the image below.

Microsoft Pluton Security Processor for Windows 11 and Enhancements - Fig.3 (Source- Microsoft)
Microsoft Pluton Security Processor for Windows 11 and Enhancements – Fig.3 (Source- Microsoft)

Microsoft Pluton Hardware Initialisation

When you boot the device, the Pluton chip initializes by loading the Pluton firmware from the Serial Peripheral Interface (SPI) flash storage on the motherboard. At the time of Windows start-up, the operating system uses the latest version of pluton firmware.

Windows uses the firmware loaded during the hardware initialization if the latest firmware version is unavailable. The detailed process illustrates in the diagram below:

Microsoft Pluton Security Processor for Windows 11 and Enhancements - Fig.4 (Source- Microsoft)
Microsoft Pluton Security Processor for Windows 11 and Enhancements – Fig.4 (Source- Microsoft)

Benefits of Microsoft Pluton Security Processor

Microsoft Pluton is very hard to attack physically; as per Microsoft, attackers are not able to breach the security to access sensitive data, including credentials, user identities, encryption keys, and personal data, even if they installed malware or have physical access to PCs with pluton.

This security uses the Secure Hardware Cryptography Key (SHACK) technology to isolate keys from pluton’s firmware.

Like other hardware pluton chips, it also gets its firmware updates during the Windows Update integration. Microsoft directly delivers firmware updates to users through Windows updates. This process can get important security patches.

Microsoft Pluton Security Processor Device Launch

Microsoft reveals the launch of the pluton security processor. As per Microsoft, Lenovo is the first PC maker to launch pluton-powered PCs. All Ryzen 6000 series processors feature the Pluton chip. The Qualcomm Snapdragon 8cx Gen 3 series also feature the pluton chip.

Differences between TPM Vs. Microsoft Pluton Security Processor

There are many differences as well as similarities between TPM and Pluton processors shown in the table below:

Trusted Platform Module (TPM)Pluton Security Processor
TPM is a security chip, which provides better security for Windows usersMS Pluton is also a security chip, which provides better security for Windows users
TPM is a separate module that stores the data protectedMS pluton comes with the built-in part of the CPU
Due to external communication data passing between chips being exposed to physical attacksNo external communication. No data exposed to physical attacks
Windows Hello, BitLocker, Measured boot, Credential guard, etc., utilize the TPM for better securityMicrosoft Pluton is also compatible with the existing solutions used by TPM
TPM improvised a lot of developments over the past few years. It can now protect users from more types of threats. The latest version of TPM can use different algorithms to protect against specific threats in case the existing algorithm doesn’t work.Pluton is a proven chip with better technology. Microsoft has used this security module in Xbox and Azure Sphere for years. They also collaborated with other companies like AMD, Intel, and Qualcomm and now collaborating with other ecosystem partners. It has made the Pluton more trusted and reliable.
TPM is a very secure technology. However, it has some drawbacks too. Software-based or virtual TPMs may have bugs and provide security against system theft only. TPM can be more vulnerable to external attacks while rebooting the system.Pluton security chips are under development to replace TPM
Microsoft Pluton Security Processor -Table 1

Microsoft Pluton Ends Windows Piracy?

Microsoft already ended piracy on Xbox using the Pluton chip and integrating the software with it. The question is whether the same thing will happen on Windows 11.

Microsoft Pluton is not yet in the mainstream. However, Microsoft addressed bringing its own security chip to improve the security of the Windows operating system. If there is a plan to end piracy on windows may be addressed by Microsoft soon.

Author

Alok is a Master of Computer Applications (MCA) graduate. He loves writing on Windows 11 and related technologies. He likes to share his knowledge, quick tips, and tricks with Windows 11 or Windows 10 with the community.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.