To many people’s dismay, Microsoft listed TPM 2.0 among the hardware requirements for Windows 11. Through the TPM 2.0 requirement, Microsoft was hinting at a future where hardware-level and software-level security are equally important.
Windows 11’s requirement for TPM 2.0-equipped hardware may just be the beginning. Microsoft is already talking about a future where Windows will leverage Pluton-enabled CPUs. Above all, the goal is to make the OS more secure.
In this article, I’ll explain what Pluton is and why it matters. After that, I’ll also explain the impact that Pluton may have on Windows over the long term.
A Quick Glimpse at Pluton
To understand why Pluton matters, you first need to see why Microsoft chose to require TPM 2.0 hardware for Windows 11. TPM is short for Trusted Platform Module. It’s essentially a cryptoprocessor, so it has many purposes ranging from encryption to identification and authentication. TPM can also play a role in verifying file integrity. TPM exists on a separate chip rather than inside the CPU.
Although TPM 2.0 is certainly more secure than the aging TPM 1.2 standard, which was released in 2011, it isn’t perfect. TPM 2.0 dates back to 2014, and is already beginning to show its age. We’re hearing about firmware attacks that target TPM to steal credentials or encryption keys. What’s more, anyone who physically possesses a device can theoretically intercept the communications flowing between a device’s CPU and its TPM chip. While I haven’t heard any confirmed stories about any successful attacks, these are theoretically possible.
This is where Pluton comes into play. Pluton has a lot of similarities to TPM. It can even function in a backward compatible, TPM emulation mode. That said, it exists inside the CPU, not within a separate chip. That makes it much more difficult to attack a machine’s cryptographic data.
What Else Can Pluton Do?
As far as Windows goes, Microsoft seems to primarily be envisioning Pluton as a next-generation replacement for TPM. Still, Pluton has the potential to be more than just a TPM stand-in.
Even though the first Pluton-equipped PCs haven’t yet shipped, Pluton has already served other purposes. Pluton wasn’t even for PCs in the first place. It was actually a tool for Azure Sphere and Microsoft’s Xbox gaming platform.
Pluton’s primary role within Xbox gaming consoles was to enforce DRM. DRM stands for Digital Rights Management. It’s a copy protection method. DRM also makes it more difficult to pirate Xbox games.
The important thing to understand is that DRM isn’t unique to Xbox. It’s been a security feature to safeguard many media types against copyright infringement. DRM protected movies, music, and even some eBooks and audiobooks.
DRM-based copy protection has been very prevalent, and Pluton came along to enforce DRM on gaming consoles. That’s why some people speculate that Pluton would be an anti-piracy mechanism for Windows.
Long Term Predictions
As previously noted, Microsoft made TPM 2.0 a requirement for the Windows 11 operating system. Although Windows 10 supports TPM 2.0 hardware, you can run Windows 10 without it. Microsoft is capitalizing on modern hardware’s enhanced security, moving their customers forward. That’s also why they made TPM 2.0 a Windows 11 requirement.
Even though Windows 10 works with TPM 2.0 hardware, Microsoft couldn’t get away with changing Windows 10’s hardware requirements midstream. Customers would be quite angry if they found out they couldn’t use their current hardware with their Windows 10 license. That’s why Microsoft had no choice but to introduce a new Windows version to make TPM 2.0 a requirement.
Similarly, we may eventually see that happen with Pluton. Pluton hardware will work with Windows 11, but Microsoft can’t suddenly require Windows 11 users to switch to Pluton hardware. I’m guessing that Microsoft will eventually release a Windows 12 that only runs on Pluton-enabled PCs. The release can only happen when Pluton-enabled hardware saturates the market. That said, I wouldn’t be surprised to see a Windows 12 announcement in two to three years.
I have no doubt that Microsoft would prefer to require Pluton-enabled systems much sooner than that. Unfortunately, that’s impractical. Pluton is still a newcomer. Just this year, at CES 2022, Lenovo showcased two Pluton-enabled systems. That was the first introduction for Pluton on a PC.
It’s becoming increasingly clear that software-only security is inadequate. TPM 2.0 is showing its shortcomings. Pluton can mitigate these flaws, making it the next big thing in hardware security. It stores keys inside the CPU, not on a separate chip. That makes it much more difficult for attackers to compromise the hardware.
Embracing hardware-level security features is the only way for Microsoft to keep pace with emerging threats. Just like they’ve done with Windows 11, they can keep evolving. Pluton represents the next evolution in hardware-enabled security. It’ll undoubtedly become a Windows requirement in the future.
What’s the difference between Pluton and TPM?
TPM exists on a dedicated chip, while Pluton exists within the CPU. That means Pluton allows mainboards to be manufactured smaller. A CPU upgrade also updates security. That makes Pluton’s future quite bright in newer lightweight devices.
How will Pluton make it more difficult to compromise data traditionally embedded in the TPM?
The TPM exists on a separate chip. If an attacker has physical possession of a device, they can intercept communications between the CPU and the TPM chip. Pluton exists inside the CPU, which eliminates these potential attacks.
What manufacturers will be producing PCs with Pluton-enabled CPUs?
Lenovo will be the first to introduce Pluton-enabled laptops with AMD processors. Other manufacturers will also inevitably follow suit. Microsoft is gearing up to introduce Pluton in its latest Xbox consoles. That’s because Pluton’s integration reduces manufacturing costs.
Is Lenovo going to disable Pluton on its new laptops?
Lenovo has indicated that it won’t enable its Pluton security chips by default. Many suspect that Pluton, much like TPM, is a way to hinder Linux usage on a system. This is due to its lack of support for Unix-based platforms. Lenovo will effectively allow users to decide what OS they wish to use without adding this bias.
Do you think that Pluton will eventually serve DRM?
Pluton’s marketing is currently geared towards enhancing security. That said, digital rights management (DRM) and similar use cases seem inevitable. That’s because the cryptographic process used isn’t limited to one use case.