1
00:00:00,000 --> 00:00:04,640
When it launched, Windows 11 confused a lot of people over its requirement that your PC

2
00:00:04,640 --> 00:00:09,240
have a security chip called a TPM or a trusted platform module.

3
00:00:09,240 --> 00:00:13,480
But now, Microsoft wants to transition away from the TPM and instead implement its own

4
00:00:13,480 --> 00:00:17,200
security chip inside of upcoming CPUs.

5
00:00:17,200 --> 00:00:21,160
Microsoft calls this new chip Pluton.

6
00:00:21,160 --> 00:00:27,280
But why is this a big deal? It helps to first understand the limitations of the current TPM system.

7
00:00:27,280 --> 00:00:32,480
TPMs contain the keys needed to encrypt and decrypt data on your devices, and they can

8
00:00:32,480 --> 00:00:36,560
either come in the form of a separate chip that sits on your motherboard, you can actually

9
00:00:36,560 --> 00:00:42,520
buy them for your desktop, or as a firmware TPM, which consists of code that hangs out

10
00:00:42,520 --> 00:00:46,840
either on your system's chipset or on the CPU itself.

11
00:00:46,840 --> 00:00:51,920
Most CPU platforms manufactured these days have some form of firmware TPM built in, hence

12
00:00:51,920 --> 00:00:56,320
the reason Microsoft says you're probably okay to upgrade to Windows 11 if you have

13
00:00:56,320 --> 00:01:01,120
a recently built PC. But TPM is far from perfect.

14
00:01:01,120 --> 00:01:06,920
It's certainly better than nothing, but it turns out it's not particularly hard to defeat if an attacker knows what they're doing.

15
00:01:06,920 --> 00:01:11,560
A key weakness can be found in the connection between the TPM and the BIOS.

16
00:01:11,560 --> 00:01:16,000
You can actually connect a sniffing device to the pins on the TPM chip and obtain the

17
00:01:16,000 --> 00:01:22,200
key you're looking for in a matter of minutes. Of course, you need physical access to the target PC in order to pull off an attack like

18
00:01:22,200 --> 00:01:27,240
this, but seeing as how the TPM was meant to help protect computers, even if a miscreant

19
00:01:27,240 --> 00:01:30,920
had physical access, it's a pretty big liability.

20
00:01:30,920 --> 00:01:36,840
But say you're running a firmware TPM implementation, well, these can still have their own vulnerabilities.

21
00:01:36,840 --> 00:01:41,920
The well-publicized Spectre and Meltdown exploits have shown that attackers can grab data directly

22
00:01:41,920 --> 00:01:48,440
off a CPU. Even if that data is subject to enhanced security, it can still be obtained, such as in the Platypus

23
00:01:48,440 --> 00:01:53,640
attack that bypasses Intel's software guard extensions, or SGX.

24
00:01:53,640 --> 00:01:59,120
This feature is supposed to create a secured area of the processor, but not only does Platypus

25
00:01:59,120 --> 00:02:04,440
defeat it, physical access isn't even required to attack the secured area.

26
00:02:04,440 --> 00:02:10,120
Pluton is, in theory, I just love that name, supposed to go a long way towards solving

27
00:02:10,120 --> 00:02:16,800
these problems. Pluton doesn't use a separate chip at all, instead it's baked directly onto the CPU die,

28
00:02:16,800 --> 00:02:21,680
so there isn't a risk of snatching data off a communication bus like you can with a discrete

29
00:02:21,680 --> 00:02:28,400
TPM module. But how is Pluton different from firmware TPM, since those already run directly on the

30
00:02:28,400 --> 00:02:35,480
CPU? So a firmware TPM runs its code on the same main CPU cores that run your other programs,

31
00:02:35,480 --> 00:02:40,520
so a successful attack on something else the CPU is running could compromise the firmware

32
00:02:40,520 --> 00:02:46,760
TPM. Pluton, on the other hand, works by adding additional hardware that's on the CPU die,

33
00:02:46,760 --> 00:02:51,160
but is separate from the main processing cores, making it more difficult to attack, even if

34
00:02:51,160 --> 00:02:58,320
the bad guy has physical access to the computer. Additionally, Microsoft is going to be responsible for issuing firmware updates for Pluton rather

35
00:02:58,320 --> 00:03:03,860
than motherboard manufacturers, who typically release new firmware versions much less frequently.

36
00:03:03,860 --> 00:03:07,720
This should help keep computers safer from new and evolving threats.

37
00:03:07,720 --> 00:03:12,200
The first PCs with Pluton built in should start hitting store shelves in mid-2022, but

38
00:03:12,200 --> 00:03:20,280
Pluton actually isn't even brand new. The chips have actually been used since 2013 in Xbox consoles to make it harder to play

39
00:03:20,280 --> 00:03:25,740
pirated titles, which actually brings us to a concern some users have about Pluton.

40
00:03:25,740 --> 00:03:30,680
Some fear that Microsoft could use Pluton to lock down PCs and exert too much control

41
00:03:30,680 --> 00:03:34,800
over what consumers can and cannot run on their own machines.

42
00:03:34,800 --> 00:03:40,480
We do know that CPUs with Pluton will work and run on Linux, but if you want Pluton's

43
00:03:40,480 --> 00:03:45,440
extra features, the specific Linux distro you're using would need to be able to support

44
00:03:45,440 --> 00:03:50,360
those. So only time will tell if these concerns about Pluton are warranted, but I'm sure we

45
00:03:50,360 --> 00:03:53,520
can all agree that we trust Microsoft, right?

46
00:03:53,520 --> 00:04:02,840
They made this stuff.
