I worked extensively with Pluton when I was employed on Azure Sphere (an IoT platform marketed as highly secure and composed of a Linux-based OS, ARM SoC, and cloud service). I might be able to answer questions about this.

Here's a blog by the engineer lead on Azure Sphere that discusses Pluton:
https://azure.microsoft.com/en-us/blog/anatomy-of-a-secured-mcu/

Disclaimer: I still work at MSFT but in a different org.
A previous HN link is here -- https://news.ycombinator.com/item?id=25131431 -- which links to MS's original press release -- https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/.

That article explicitly states that it was designed originally for the Xbox. I worry that it's going to be a very anti-consumer, anti-free-speech, DRM-heavy chip that MS want to popularise as an alternative to the (still hated in some circles) TPM. Why else would they design it for the Xbox, of all things? Is it aimed to stop speculative execution attacks on a cloud server, or provide Level 4 DRM to Widevine's as-yet-unannounced competitor?
The marketing for this chip is vague and confusing because the chip does absolutely nothing for you.

This chip is not here to protect you from compromised or malicious IoT devices, or to protect you from compromised or malicious cloud services.

This chip is here to protect the Microsoft cloud from compromised or malicious IoT devices. They would also like you to believe that the chip improves security in the cloud. In actuality it protects software running on your device from ... you. All this attestation stuff is great for DRM!

That poses a problem for marketing. They have to make it sound like it does something for you when it actually doesn't.

It's no surprise then that the marketing is basically a giant weasel-word soufflé with some buzzwords sprinkled on top, and a bit of name dropping.
After reading through @darzu's Pluton explanation on the site linked, I realised this actually may give you the impression that it's a security measure, but in reality now Azure can verify each chip (not just the computer anymore) and see if it runs authentic software (ding ding ding - Windows Licensing). The two-key-pair method mentions that each device can be verified to be running authentic software by Azure (the phone-home thing everyone is worried about). While most laptops and computers do not ship with keys anymore and instead the hardware generates some kind of signature that is then verified by Windows activation, this feels like an easier method of doing that. I wonder if this also means Microsoft is aggressively going to make more and new hardware (or some Microsoft-verified hardware kind of thing to set up standards) to directly compete with Apple Silicon and keep profits healthy by forcing more customers to pay for authentic software.
Isn't this basically fTPM (basically software TPM implemented in the trusted execution environment of the CPU) that both AMD and Intel already offer?
Locking out other OSes isn't a main goal of Pluton (although technically it can); there are just too many issues (hey Infineon, Intel and Qualcomm, I am looking at you) with existing dTPM and fTPM implementations.
> What the Pluton project from Microsoft and the agreement between AMD, Intel, and Qualcomm will do is build a TPM-equivalent directly into the silicon of every Windows-based PC of the future.

CPUs with security modules controlled by MS? Who will guarantee it won't be abused against non-MS systems and users?
Wouldn't be surprised if this will be used to block programs coming from non western nations.
Pompeo talked about creating a "Clean network" to keep foreign non-allied nations' hardware and software out of it.
Call me sceptical, but I hope m$ is not pulling Apple tricks to lock computers to their OS. Is this open source? Will consumers be able to audit it down to the silicon level?
An unnecessary solution for a nonexistent problem.

I hope they lose their investment.

I also hope all their hordes of fanboys wake up to reality now. Yes, the people that "<3 open source" and "<3 Linux" and gave you VS Code for free will now own your CPU, and there is nothing you can do about it. And then, if they change their mind and don't want you to run Linux, you won't run Linux.
I wonder if it will be one of the inferior technologies that were forced by Microsoft even outside of their Windows world. Like it happened with UEFI (that has no multithreading, uses PE as a format, Microsoft's ugly C coding conventions, bloated), Secure Boot (that was designed to stop anything non-Windows instead of real security), UTF-16 (everyone except them and JavaScript uses UTF-8), and so on. The list is long.