Microsoft's Pluton chip upgrades the hardware security of Windows PCs:
The next Windows PC you buy could come with an advanced security co-processor that will protect your data from being stolen by hackers. Building on work it started with the Xbox One, on Tuesday Microsoft announced the existence of Pluton. It's a new project the company is working on with both AMD and Intel, as well as Qualcomm, to create x86 and ARM CPUs that integrate a dedicated security component.
At its simplest, Pluton is an evolution of the existing Trusted Platform Module (TPM) you find in many modern computers.
[...] That's where Pluton comes into the picture. By integrating the TPM into the CPU, Microsoft says it's able to close off that avenue of attack.
[...] Since Microsoft is hardening the security of your Windows PC through a new hardware component, you won't get the benefit of Pluton unless you buy a new chip. As things stand, Microsoft hasn't said when people will be able to buy Pluton-equipped CPUs, and it may take a while before they become available.
(Score: 5, Funny) by The Mighty Buzzard on Tuesday November 17 2020, @10:38PM (9 children)
And here I was wondering how I was supposed to send Microsoft a whole bunch of data about me when I'm running Linux. Problem solved!
My rights don't end where your fear begins.
(Score: 3, Insightful) by Freeman on Tuesday November 17 2020, @10:42PM (6 children)
I was thinking more along the lines of a "side-effect" of said chip being that you have to disable said security feature, if you want Linux to function. As opposed to being able to just pop a Linux USB/CD/DVD in and boot. Definitely not anti-competitive at all, just an unfortunate side-effect.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 4, Insightful) by DannyB on Tuesday November 17 2020, @10:49PM (3 children)
Not to worry!
You'll be able to run Linux!
As long as it is a Microsoft signed kernel.
Every performance optimization is a grate wait lifted from my shoulders.
(Score: 3, Insightful) by Anonymous Coward on Tuesday November 17 2020, @10:52PM
Pluton isn't done till Linux doesn't run.
(Score: 2) by takyon on Tuesday November 17 2020, @11:25PM (1 child)
As long as it's Microsoft Windows Linux 12.0.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by DannyB on Wednesday November 18 2020, @06:16PM
Instead of: Microsoft signed kernel
I should have said: Microsoft singed kernel
Every performance optimization is a grate wait lifted from my shoulders.
(Score: 2) by Runaway1956 on Tuesday November 17 2020, @10:50PM (1 child)
Microsoft . . . avenue of attack.
(Score: 3, Touché) by Anonymous Coward on Tuesday November 17 2020, @11:47PM
Avenue? 8-lane interstate, maybe.
(Score: 2, Funny) by Anonymous Coward on Tuesday November 17 2020, @11:16PM
Compile your favorite Linux distro for the latest M1 chip Macs then. Problem solved!
(Score: 2) by Pino P on Wednesday November 18 2020, @09:39PM
If you use GNU/Linux and want to send your data to Microsoft instead of Google, try these:
(Score: 5, Insightful) by Fishscene on Tuesday November 17 2020, @10:51PM (9 children)
One person on the green site... one person was in favor of this chip to increase physical security (apparently the BUS can be tapped into by hackers with physical access - who knew?!?!). Every other comment I've ever read about this chip is HIGHLY suspicious of Microsoft, the chip, and anything related to those two entities. In my opinion, this is well-deserved. The vast majority of people do not want this, didn't ask for it, and *surprise!* here it is! There's 100% an ulterior motive for this and it does not have consumer benefit in mind. Otherwise, why was this secretly developed and implemented?
I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.
(Score: 4, Informative) by Freeman on Tuesday November 17 2020, @10:58PM (2 children)
In the event that a hacker has physical access to your computer, you've already lost.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Touché) by Anonymous Coward on Tuesday November 17 2020, @11:05PM (1 child)
What is "your computer"? It is Microsoft's computer, and never forget it, you serf!
(Score: 1, Insightful) by Anonymous Coward on Tuesday November 17 2020, @11:34PM
Exactly, Microsoft is shipping their computer out and want to maintain its security in the hands of the adversary, er, customer.
(Score: 1, Insightful) by Anonymous Coward on Tuesday November 17 2020, @11:04PM
Arms races work better when enemies don't know manufacturing plans prior to deployment.
If I wanted to insert a permanent backdoor, it'd be in this. MS wants to be the only keyholder to that capability, and announcing to the world that this was coming would've put a big target on the back of the whole project, from design docs and test plans to silicon manuf.
Better to encrypt and/or sign asymmetrically, putting a hardware decryption key in silicon and keeping the secret signing key airgapped, bringing blobs to sign to that machine, and printing out (and then walking to a non-air-gapped machine and OCR'ing back in) the issued creds, with the very existence of that airgapped key secret as long as possible.
Lots of other reasons too, for better or worse.
(Score: 2) by driverless on Wednesday November 18 2020, @01:32AM (2 children)
And by the sounds of it it's just a TPM - the first thing you disable when you get your PC - baked into the CPU. So it's something you don't want, but now it's permanently installed. Thanks, Microsoft!
Naming it after the ruler of the underworld is just the icing on the cake.
(Score: 2) by Tokolosh on Wednesday November 18 2020, @03:22AM
It's a MS tax, making you pay for something you don't want.
(Score: 3, Funny) by TheRaven on Wednesday November 18 2020, @05:21PM
Why would you disable the TPM? With Linux and FreeBSD, you can use the TPM to manage the disk decryption key only to a bootloader that has the signature that you expect and has received your boot password. If someone steals your laptop, they can't exfiltrate the key and they can't see any of your data unless they know your password. If they try more than a few times then the TPM deletes the key. You can use it for WebAuthn, storing a secret key in the TPM and a per-site nonce in insecure storage, so the TPM derives a key from the secret key and the nonce and then signs the WebAuthn queries, so that your OS never has access to the key and even a privilege escalation from a web browser vulnerability can't exfiltrate the key and can only do live attacks.
Oh, and you can use the TPM to store SSH private keys too and do the signing for ssh-agent, so even someone compromising the OS or stealing the disk from your machine can't steal your SSH key (and can't use it without your pass phrase).
sudo mod me up
(Score: 2) by pdfernhout on Wednesday November 18 2020, @02:10PM (1 child)
https://www.youtube.com/watch?v=XgFbqSYdNK4 [youtube.com]
https://archive.org/details/TrustedComputing [archive.org]
https://www.lafkon.net/tc/ [lafkon.net]
"This animated short-clip shows you one of the many effects of today's capitalism, and how this effects will also concern YOU. Trusted Computing, sounds great! Is it??? Learn more, watch this movieclip."
Bottom line in the video: for whatever else it claims, the "Trusted Computing" architecture is mainly about not trusting... you!
The related website from back then is still up but not completely functional: http://www.againsttcpa.com/ [againsttcpa.com]
Interesting how the message in the video persisted better than the website... And sadly the video is even more relevant in general terms with every passing day... Catchy music too...
The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.
(Score: 2) by pdfernhout on Wednesday November 18 2020, @02:12PM
Sorry for the typo, that video was from circa 2006 not 2016.
The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.
(Score: 5, Insightful) by EEMac on Tuesday November 17 2020, @11:01PM (2 children)
Richard Stallman recommends using a fully libre computer with fully libre GNU/Linux. That's a pain for anything beyond basic dev/web browsing/LibreOffice work. Personally, I just want my Windows software to work without a lot of fuss. It would be convenient for me if Richard Stallman was wrong.
So I'm really f***ing tired of Richard Stallman being right, again and again and again. Microsoft and Apple are both moving deep into "it's not your computer" territory. Can you please lighten up on "let's be evil" for a while?
(Score: 1, Insightful) by Anonymous Coward on Wednesday November 18 2020, @12:30AM (1 child)
Personally, I've drawn the line at Win 7 Pro, bought a few spare ThinkPads from that era and have turned off all MS updates. My strategy clearly won't work forever, but so far so good.
(Score: 1, Insightful) by Anonymous Coward on Wednesday November 18 2020, @01:15PM
Yep. Surprisingly, those who have not installed updates have not found their computer spontaneously combusting yet, despite the high-pitched shrieking of every security "expert."
Yes, yes, I know, the tired old litany of arguments that usually forget that it's possible to be cautious and be relatively safe. The bottom line that is always deliberately ignored by the Cult of the Update (or is dismissed by stating "Google always does it!", as though an OS vs. search engine had any equivalency) is that the question now boils down to whether I want spyware pre-installed and certain, or added on and uncertain. I'll take added on, thanks, there's a chance it might not be there.
Never mind the silicon is faulty itself and software can't do a thing about that.
(Score: -1, Offtopic) by Anonymous Coward on Tuesday November 17 2020, @11:03PM (2 children)
Suddenly, a pandemic!
https://en.wikipedia.org/wiki/Timeline_of_the_COVID-19_pandemic_in_2019 [wikipedia.org]
(Score: 2) by hendrikboom on Wednesday November 18 2020, @01:40AM (1 child)
Back then it was still plausible that China might be able to stop the epidemic.
-- hendrik
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @02:31AM
And now who might be able to stop Pluton epidemic?
(Score: 2) by looorg on Wednesday November 18 2020, @12:00AM
So in essence they want to control everything and anything that runs (or executes) on "your" computer.
Will the M$ walled garden be compatible with the Apple walled garden, and whatever other gardens are out there -- not to even contemplate the various gardens within gardens? Or will it be the eventual battle of the gardens?
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @12:02AM (7 children)
Free and open hardware, when?
(Score: 2) by Mojibake Tengu on Wednesday November 18 2020, @12:12AM
You shall design your own CPU.
As every true sovereign does these days.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by looorg on Wednesday November 18 2020, @12:23AM (2 children)
Around the year when the Linux desktop takes over. As much as I would like it I doubt there is a market, or a market viable enough to allow for the scale of investment required. If the users constantly want faster, more and better then it will never happen cause there won't be a sizeable enough market. Most of the userbase just won't care enough. In at most a hardware generation that chip will be on every motherboard or whatever is the latest OS (Windows or not) won't even install except possibly in some very crippled or limited form. But most users or business will care.
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @04:35PM
Users don't necessarily want "faster, more and better", --- I suspect many people would be happy to use the same thing indefinitely (cheaper!). It's more that software consistently becomes "slower, less and worse" which dictates that better hardware be acquired to compensate for the bloat. This is mostly on lazy devs writing bloated garbage, has been from (almost) day zero.
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @08:25PM
98% of computer buyers will rush to buy the new hardware regardless of this, while maybe whining a little, and the slave masters know it.
(Score: 2) by hendrikboom on Wednesday November 18 2020, @01:47AM (1 child)
When the libre-soc project [libre-soc.org] completes. Their first tape-out is scheduled for December this year. A kind of proof of concept. Of course there is still a lot of work after that. They welcome competent contributors.
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @02:22AM
https://www.phoronix.com/forums/forum/hardware/graphics-cards/1207878-libre-soc-still-persevering-to-be-a-hybrid-cpu-gpu-that-s-100-open-source?p=1207882#post1207882 [phoronix.com]
(Score: 3, Insightful) by The Mighty Buzzard on Wednesday November 18 2020, @02:08AM
Now if you think RaspberryPi-level performance is acceptable and aren't afraid of running RISC-V instead of x86-64. I can't live with performance that shitty or I'd have already switched.
My rights don't end where your fear begins.
(Score: 3, Interesting) by Anonymous Coward on Wednesday November 18 2020, @12:59AM
UK, US, AU, NZ, IN, JP, Oct 11th
"International Statement: End-To-End Encryption and Public Safety"
https://www.justice.gov/opa/pr/international-statement-end-end-encryption-and-public-safety [justice.gov]
EU, Nov 6th
"Rights activists slam EU plan for access to encrypted chats"
https://apnews.com/article/technology-data-privacy-europe-fdf47545b487f545ba9f48e38d379a94 [apnews.com]
MS, Nov 17th
"Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs"
https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/ [microsoft.com]
Sapienti sat.
(Score: 4, Insightful) by stormwyrm on Wednesday November 18 2020, @02:24AM (4 children)
If I have the master key, then great, it's really my computer and I can use this hardware module to really protect myself. If someone else has it, then can they be held responsible when my machine is later compromised? Or do they have all the power over my hardware with none of the responsibility for it, as usual?
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by TheRaven on Wednesday November 18 2020, @05:27PM (2 children)
I don't know how the TPM emulation for Pluton is being written, but Pluton itself does not have a concept of the master key. It has a set of keys that have ACLs associated that define whether they can be used for encryption, decryption, signing, signature verification, or key derivation (and then what the derived keys can be used for). It's up to the code in the firmware to decide the policy for how those keys are used.
I'd imagine that this will have a key provided by the CPU maker and a key provided by Microsoft pre-loaded, but I imagine there's nothing stopping Grub (for example) from loading its own key and telling the UEFI code to use that as the one to trust for this machine.
sudo mod me up
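A toy model of the two mechanisms described in TheRaven's comments (per-key usage ACLs that also fix what derived keys may do, and a per-site signing key derived from a device secret plus a nonce kept in ordinary storage), added here as an illustration and not taken from the thread, Pluton, a TPM or WebAuthn. The `ToyKeyStore` class, its method names and the use of HMAC-SHA256 in place of an asymmetric signature are assumptions.

```python
import hashlib
import hmac
import os


class UsageError(Exception):
    """A key was asked to do something its ACL does not permit."""


class ToyKeyStore:
    """Constructed stand-in for a security processor; callers only see handles."""

    def __init__(self):
        self._keys = {}  # handle -> (key bytes, allowed ops, ops for derived keys)

    def _add(self, key, ops, derived_ops=()):
        handle = len(self._keys) + 1
        self._keys[handle] = (key, frozenset(ops), frozenset(derived_ops))
        return handle

    def generate(self, ops, derived_ops=()):
        """Create a random key inside the store and return only its handle."""
        return self._add(os.urandom(32), ops, derived_ops)

    def _use(self, handle, op):
        key, ops, derived_ops = self._keys[handle]
        if op not in ops:
            raise UsageError(f"key {handle} is not allowed to {op}")
        return key, derived_ops

    def derive(self, handle, nonce):
        """Derive a child key from a parent key and a caller-supplied nonce."""
        key, derived_ops = self._use(handle, "derive")
        child = hmac.new(key, b"derive|" + nonce, hashlib.sha256).digest()
        return self._add(child, derived_ops)

    def sign(self, handle, message):
        """HMAC-SHA256 stands in for the asymmetric signature a real device makes."""
        key, _ = self._use(handle, "sign")
        return hmac.new(key, message, hashlib.sha256).digest()


def sign_for_site(store, device_key, site_nonce, challenge):
    """The OS keeps only site_nonce; the per-site key is rebuilt on each use."""
    return store.sign(store.derive(device_key, site_nonce), challenge)


def acl_blocks(store, operation, *args):
    """Return True if the store refuses the operation on ACL grounds."""
    try:
        operation(*args)
    except UsageError:
        return True
    return False
```

Because derivation is deterministic, the same nonce always yields the same per-site key, while the device key itself can be restricted to derivation only and never sign anything directly.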
(Score: 2) by stormwyrm on Thursday November 19 2020, @05:37AM (1 child)
Numquam ponenda est pluralitas sine necessitate.
(Score: 2) by TheRaven on Friday November 20 2020, @02:29PM
sudo mod me up
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @08:34PM
if it's closed source you don't know wtf it's doing, regardless of key "ownership"
(Score: 3, Insightful) by Subsentient on Wednesday November 18 2020, @04:17AM
This is bad news, for one, they could pull an Apple and only allow Windows to run on these machines. We have secure boot, but x86 implementations are supposed to boot cross-signed 3rd party operating systems. This could be the last step in the frog-in-boiling-water approach to disable that.
I remember when I learned the new Intel Mac Minis would never allow Linux to boot -- from the internal storage.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @06:24AM
They tried to put the TPM on the motherboard, but nobody wanted it. Motherboard manufacturers would sell their mother to save $2 per unit on manufacturing costs, they're not adding a useless TPM that nobody wants or needs.
This way, they only have to "convince" two CPU manufacturers, who are already beholden to or in bed with the MAFIAA and the TLAs.
The article makes it sound like everyone will have to get their firmware from Microsoft, but that's probably not the case. Most people will, but most people do now. Anyway, firmware updates are already crypto-signed. This seems like a nothingburger for CPU firmware.
I guess the only "good" news is that this won't appear until at least Zen 4 and whatever 13th-ish generation Core CPUs start including it, and CPU performance just isn't increasing any more, so there's hardly even any reason to buy a CPU that would come with it.
The sad thing is that the TPM is actually a good thing - if it's controlled by the user of the computer. But as Microsoft has shown with Xbox, that's not how it works in practice. But if you're a 100% free software user, you probably have more to fear from other problems.
(Score: 2) by Dr Spin on Wednesday November 18 2020, @10:56AM (1 child)
You can't handle security.
If you want security, WTF are you using a Microsoft product?
Warning: Opening your mouth may invalidate your brain!
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @08:37PM
Windows users (digital slaves) live in a false reality like The Matrix. They don't know how ridiculous it all is.
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @12:51PM
I think this is a little more likely to be accurate.
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @03:58PM (1 child)
s/t
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @04:37PM
throw money at it until it sticks?
srsly ... after "secure boot" now this?
windows will never be secure until all mouse clicks and keyboard presses are each individually approved by the remote m$ mothership. tho knowing m$ even this is not guaranteed ^_^
(Score: 0) by Anonymous Coward on Wednesday November 18 2020, @05:18PM
Microsoft Puto [urbandictionary.com]