Apple, Google and Microsoft have been installing hardware security modules in their own devices for some time. The latter wants to significantly expand the protection with the so-called Pluton processor. The new security chip will soon find its way into CPUs and APUs as well as SoCs from hardware partners AMD, Intel and Qualcomm as a permanently integrated component. First of all, the main focus is on protection against manipulation and the defense against attacks on the firmware in the form of the UEFI BIOS.

These are currently prevented in pure software form by the firmware TPM. However, such solutions do not provide comprehensive protection and still offer security loopholes that can be exploited by hackers. Security researcher Denis Andzakovic showed last year, for example, that the communication between the Trusted Platform Module 2.0 and the chipset can be read out on the low-pin interface (LPC). This would, for example, make it possible to intercept Bitlocker keys.

Such security problems should be addressed with a security chip integrated directly into the processor, such as the Pluton processor, be resolved. Despite full chip integration, Microsoft’s chip is said to be isolated from the rest of the processor, which should exclude side-channel attacks such as Specter. Furthermore, protected digital keys do not leave the security hardware. This happens due to the SHACK function, which stands for Secure Hardware Cryptography Key. This means that it cannot be accessed using the chip’s own firmware. In addition, security gaps are to be closed continuously via Windows Update. Microsoft’s Azure server is supposed to make threats less likely by checking the integrity of the Pluton processor and its firmware.

In the further course of development, Microsoft is also planning the functionality of the Pluton processor for passwords and expand user data. Windows computers of all price ranges are to be equipped with the chip in the future. However, this should not lead to a Windows requirement, other operating systems can still be used as usual. CPU and GPU manufacturers also always have the option of installing a shutdown function for the Pluton processor.