As it was announced in AMD’s keynote that it will be starting in the 6000 series, I’m not real fond of this.
Microsoft has also stated that the Pluton hardware will be updateable through Windows Update and it "provides a platform for innovation that allows customers to benefit from new features in future releases of Windows that leverage the Pluton hardware."
Through Windows Update? That seems like a perfect way to inject something we really don’t want.
Yeah, clearly aimed at making your hardware, that you’ve actually already paid for, into a subscription model. I’m gonna ROFLMAO when (not if) the EU is banning this outright, no matter what product they sell it in.
Can someone actually explain what the Pluton really is and/or does… I can’t find anything about it online that would explain it any better than the honestly vague Microsoft blog about it from 2020. The security stuff sounds ok but I’m not loving the “chip to cloud security” catch phrase, or the fact that there is now another black box chip on our CPUs, in addition to Intel ME or the AMD equivalent. Or the fact that even tho they say it’s not for DRM, it can totally be trivially adapted to that if a customer wants to, and we all know they want to.
Even Arm is not safe from this as Qualcomm is also doing it :<
No it’s Zen3+. Pluton was only announced for the 6000 series mobile parts. Zen4 is Ryzen 7000 and there was no mention of Pluton with that announcement, or any other desktop parts.
Curiously at the same time Pluton was announced in 2020, OpenTitan was also announced as an open source alternative. I really wish AMD had gone with OpenTitan instead, or will at a later date.
This reminds me of Intel’s Management Engine, more than TPM.
It’s a separate, self-contained SoC with network access (it can talk directly to the cloud). So it’s a massive attack surface. Not clear if the consumer version will have network access or if it will just be used to protect local secrets like encryption keys.
My worry is Microsoft strong-arming the boot process again, aka the UEFI secure boot issue. Remember, manufacturers forgot about Linux support!
Since it’s built on previous work, this talk details their ability to secure from people doing physical attacks on hardware, plus do game data decryption via a secure core of the processor.
Microsoft noted that Pluton can be configured in three ways:
Trusted Platform Module (TPM)
Security processor for non-TPM scenarios like platform resiliency
OEM device with it turned off
The rest of the article just mentions IT providing better signals for zero trust (BeyondCorp) setups and integration via Intune to the Azure Attestation service, which will be their cloud management product for endpoints.
They tried to get the approval from all involved in the PSP (Platform Security Processor) but some party or other did not want to open it up.
And on the naming… never change AMD, I look forward to next year’s 12000 which of course will follow after the 8000 mobile CPUs but before the 10000 mobile CPUs, easy to follow guys yeah? /s
Unfortunately for OpenTitan, the second article and my reaction to it are probably why: Google… nope, no thanks. Even if that is silly and misinformed they probably don’t want to get caught in that FUD.
I think they started skipping generations to denote desktop vs mobile CPUs after the debacle of naming conventions in the 2000 series. Just my 2 cents on that.
Thank you for your explanation. What the hell is this supposed to mean:
“provides a platform for innovation that allows customers to benefit from new features in future releases of Windows that leverage the Pluton hardware”
The evasiveness reeks of a guilty conscience, no?
If they want some kind of Microsoft-specific UEFI or something for their own Azure devices that’s one thing. Forcing it on consumers is another. And frankly I am skeptical of the unstated security benefits that will be invented to justify this.
It means: we have some plans for this in the future, but we do not want to disclose what they are until enough of these are out there that you will have to join us or forego features, or possibly Windows as a whole.