In November 2020, Microsoft unveiled Pluto, a security chip the company designed to thwart some of the most sophisticated types of hacking attacks. On Tuesday, AMD announced that it will be integrating the chip into its upcoming Ryzen processors for use in Lenovo’s ThinkPad Z series of laptops.
Microsoft has previously used Pluto to secure Xbox Ones and Azure Sphere microcontrollers against attacks involving people with physical access opening device cases and performing hardware hacks that bypass security protections. Such hacks are usually carried out by device owners who wish to run unauthorized games or programs to cheat.
Now, Pluto is evolving to secure PCs against malicious physical hacks designed to install malware or steal cryptographic keys or other sensitive secrets. While many systems already have trusted platform modules or protections such as Intel’s Software Guard Extensions to secure this data, secrets remain vulnerable to several types of attacks.
One of these physical attacks involves placing wires that exploit the connection between a TPM and other components of the device and extract the secrets that pass between the machines. Last August, researchers revealed an attack that took just 30 minutes to obtain the BitLocker key from a new Lenovo computer preconfigured to use full disk encryption with TPM, password protected BIOS settings. pass and UEFI SecureBoot. The hack, which worked by sniffing the connection between the TPM and the CMOS chip, showed that locking down a laptop with the latest defenses isn’t always enough.
A similar attack unveiled three months later showed that it was possible to exploit a vulnerability (now fixed) in Intel processors to defeat various security measures, including those provided by BitLocker, TPMs and anti-copy restrictions. . The attacks known as Specter and Meltdown have also repeatedly highlighted the threat of malicious code extracting secrets directly from a processor, even when the secrets are stored in Intel’s SGX.
A new approach
Pluto is designed to fix all of this. It is integrated directly into a CPU matrix, where it stores encryption keys and other secrets in a walled garden that is completely isolated from other system components. Microsoft has said that the data stored there cannot be deleted, even when an attacker has installed malware or has full physical possession of the PC.
One of the measures that makes this possible is a Secure Hardware Cryptography Unique Key, or SHACK. A SHACK helps ensure that keys are never exposed outside of protected hardware, even to the Pluto firmware itself. Pluto will also be responsible for automatically delivering firmware updates through Windows Update. By tightly integrating hardware and software, Microsoft expects Pluto to seamlessly install the necessary security patches.
“If I’m running an office IT department, I want people to run verified versions of Windows and office apps and lock down as much as possible to prevent all kinds of malicious and unauthorized things,” said Joseph FitzPatrick, a hacker and a firmware security researcher at SecuringHardware.com. “Pluto is the material-activated path to get there.”
He said Pluto will also prevent users from running software that has been modified without permission from developers.
“The benefit is that it makes x86 systems more secure and reliable by allowing more of a walled garden approach,” said FitzPatrick. “The downside are the typical complaints about the walled gardens. “
From the start, TPMs have had one fundamental limitation: they were never designed to protect against physical attacks. Over time, Microsoft and others began to use TPMs to more securely store BitLocker keys and similar secrets. The approach was much better than storing the keys on disk, but as the researchers demonstrated, it was barely enough.
Eventually, Apple and Google introduced the T2 and Titan chips to make things better. The chips offered some security against physical attack, but both were essentially bolted to existing systems. Pluto, on the other hand, is integrated directly into the CPU.
The security chip can be configured in one of three ways: as the device’s TPM, as a security chip used in non-TMP scenarios such as platform resiliency, or by as long as something that PC makers disable before shipping.
ThinkPad Z series laptops with Ryzens built into Pluto will start shipping in May. Microsoft said
The ThinkPad Z13 and Z16 models that use Pluto as the TPM will help protect Windows Hello credentials by further isolating the credentials from attackers.