Date: 2023-01-22

For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads.
PCs coming out this year with Microsoft's integrated Pluton security chip won't be locked down to Windows 11, and users will have the option to turn off the feature completely as well as install, say, Linux as normal, we understand.
The first Windows 11 PCs with Pluton built-in were shown at CES earlier this month. Major PC chip houses – think Intel, AMD, and Qualcomm – are said to be embedding Pluton inside their just-launched or upcoming microprocessors.
Pluton can act as a Trusted Platform Module (TPM) or as a non-TPM security coprocessor. It's a way for Microsoft to specify exactly how it wants a TPM component to be present in microprocessors so that Windows 11 can use the hardware as a root-of-trust and secure its stuff.
Microsoft's invasion at the hardware level has some users – especially those in the open-source community – on high alert. The concern relates to the chip being a means to lock equipment exclusively to Windows 11, shutting out other operating systems, such as Linux distros and the BSDs. Manufacturers tell us that's not the case: Pluton won't get in the way.
AMD integrated Microsoft's Pluton design into its Ryzen 6000 chips, which were just introduced at CES. AMD said its goal is to bring better security to Windows PCs, and users can disable Pluton on machines that follow AMD's reference firmware.
[...] PC makers can choose to ship computers with Pluton turned off, and the technology does not verify the signature of bootloaders, Microsoft PR said. The security processor can be configured to act as a TPM, or used in a non-TPM scenario, or disabled.
But if you eat a pluot while riding a Peloton and rebooting your machine, I bet it turns on automatically.
"I am altering the deal. Pray I don't alter it any further."
If someone told me they'll put a tiger in my living room and promised me it will stay asleep if I don't want to pet it, I'd tell them to take the tiger back to the zoo.
UEFI was supposed to be the Magic Bullet - and is now a vector for nasty malware. As in chuck your motherboard bad.
Now the same perps (Microshaft) are foisting Pluton on the world. OEMs should just say "go away" but they depend on MS for their lives...
My prediction: 3-5 years max we will see serious malware exploiting the Pluton chip, even if it is "disabled".
Unless it's disabled with a jumper on the motherboard, it can be re-enabled in software / malware.
So Lenovo won't have it activated by default. But as soon as the user starts Windows there will probably be a request to turn it on, and if you don't, Windows won't work properly or there will be reoccurring nagscreens with a multitude of buttons where all of them will activate it or delay it until next time it asks.