{"video_id":"heUoHPd-_N0","title":"A New Chip From...Microsoft?! (Pluton Explained)","channel":"Techquickie","show":"Techquickie","published_at":"2022-05-05T14:58:16Z","duration_s":276,"segments":[{"start_s":0.16,"end_s":6.48,"text":"when it launched Windows 11 confused a lot of people over its requirement that","speaker":null,"is_sponsor":0},{"start_s":4.0,"end_s":11.519,"text":"your pc have a security chip called a tpm or a trusted platform module but now","speaker":null,"is_sponsor":0},{"start_s":9.519,"end_s":16.88,"text":"microsoft wants to transition away from the tpm and instead implement its own","speaker":null,"is_sponsor":0},{"start_s":13.44,"end_s":19.039,"text":"security chip inside of upcoming cpus","speaker":null,"is_sponsor":0},{"start_s":16.88,"end_s":22.96,"text":"microsoft calls this new chip pluton","speaker":null,"is_sponsor":0},{"start_s":20.8,"end_s":28.72,"text":"but why is this a big deal it helps to first understand the limitations of the","speaker":null,"is_sponsor":0},{"start_s":25.279,"end_s":31.039,"text":"current tpm system tpms contain the keys","speaker":null,"is_sponsor":0},{"start_s":28.72,"end_s":35.12,"text":"needed to encrypt and decrypt data on your devices and they can either come in","speaker":null,"is_sponsor":0},{"start_s":33.12,"end_s":39.2,"text":"the form of a separate chip that sits on your motherboard you can actually buy","speaker":null,"is_sponsor":0},{"start_s":36.719,"end_s":43.6,"text":"them for for your desktop or as a firmware tpm which consists of code that","speaker":null,"is_sponsor":0},{"start_s":41.92,"end_s":49.12,"text":"hangs out either on your system's chipset or on the CPU itself most CPU","speaker":null,"is_sponsor":0},{"start_s":47.2,"end_s":53.84,"text":"platforms manufactured these days have some form of firmware tpm built in hence","speaker":null,"is_sponsor":0},{"start_s":51.84,"end_s":59.44,"text":"the reason microsoft says you're probably okay to upgrade to Windows 
11","speaker":null,"is_sponsor":0},{"start_s":55.92,"end_s":61.359,"text":"if you have a recently built pc but tpm","speaker":null,"is_sponsor":0},{"start_s":59.44,"end_s":64.72,"text":"is far from perfect it's certainly better than nothing but it turns out","speaker":null,"is_sponsor":0},{"start_s":62.8,"end_s":68.64,"text":"it's not particularly hard to defeat if an attacker knows what they're doing a","speaker":null,"is_sponsor":0},{"start_s":66.96,"end_s":73.119,"text":"key weakness can be found in the connection between the tpm and the BIOS","speaker":null,"is_sponsor":0},{"start_s":71.28,"end_s":77.04,"text":"you can actually connect a sniffing device to the pins on the tpm chip and","speaker":null,"is_sponsor":0},{"start_s":75.2,"end_s":80.72,"text":"obtain the key you're looking for in a matter of minutes of course you need","speaker":null,"is_sponsor":0},{"start_s":78.88,"end_s":84.88,"text":"physical access to the target pc in order to pull off an attack like this","speaker":null,"is_sponsor":0},{"start_s":82.4,"end_s":88.799,"text":"but seeing as how the tpm was meant to help protect computers even if a","speaker":null,"is_sponsor":0},{"start_s":86.64,"end_s":92.88,"text":"miscreant had physical access it's a pretty big liability","speaker":null,"is_sponsor":0},{"start_s":90.56,"end_s":95.68,"text":"but say you're running a firmware tpm implementation well","speaker":null,"is_sponsor":0},{"start_s":94.56,"end_s":99.52,"text":"these can still have their own vulnerabilities the well-publicized","speaker":null,"is_sponsor":0},{"start_s":97.6,"end_s":104.479,"text":"spectre and meltdown exploits have shown that attackers can grab data directly","speaker":null,"is_sponsor":0},{"start_s":101.92,"end_s":109.04,"text":"off a CPU even if that data is subject to enhanced security it can still be","speaker":null,"is_sponsor":0},{"start_s":106.32,"end_s":114.079,"text":"obtained such as in the platypus attack that bypasses Intel software 
guard","speaker":null,"is_sponsor":0},{"start_s":111.2,"end_s":119.04,"text":"extensions or sgx this feature is supposed to create a secured area of the","speaker":null,"is_sponsor":0},{"start_s":116.72,"end_s":124.24,"text":"processor but not only does platypus defeat it physical access isn't even","speaker":null,"is_sponsor":0},{"start_s":121.2,"end_s":126.64,"text":"required to attack the secured area","speaker":null,"is_sponsor":0},{"start_s":124.24,"end_s":131.68,"text":"pluton is in theory i just love that name supposed to go a long way toward","speaker":null,"is_sponsor":0},{"start_s":129.679,"end_s":137.36,"text":"solving these problems pluton doesn't use a separate chip at all instead it's","speaker":null,"is_sponsor":0},{"start_s":134.319,"end_s":139.2,"text":"baked directly onto the CPU die so there","speaker":null,"is_sponsor":0},{"start_s":137.36,"end_s":144.08,"text":"isn't a risk of snatching data off a communication bus like you can with a","speaker":null,"is_sponsor":0},{"start_s":141.12,"end_s":149.28,"text":"discrete tpm module but how is pluton different from firmware tpm since those","speaker":null,"is_sponsor":0},{"start_s":146.64,"end_s":152.56,"text":"also run directly on the CPU we'll tell you right after we thank","speaker":null,"is_sponsor":0},{"start_s":150.72,"end_s":156.72,"text":"brilliant for sponsoring this video brilliant is a website and app built","speaker":null,"is_sponsor":0},{"start_s":154.319,"end_s":160.64,"text":"around active learning trade boring long lectures for problem solving and","speaker":null,"is_sponsor":0},{"start_s":158.56,"end_s":164.48,"text":"interactive visuals there's over 60 courses on everything from astronomy to","speaker":null,"is_sponsor":0},{"start_s":162.48,"end_s":168.08,"text":"programming and one of our favorites is the calculus in a nutshell course it","speaker":null,"is_sponsor":0},{"start_s":166.64,"end_s":172.4,"text":"gives you a clear sense of the major pillars of calculus with new 
increased","speaker":null,"is_sponsor":0},{"start_s":170.239,"end_s":175.84,"text":"interactive sections join the community of over 10 million learners and","speaker":null,"is_sponsor":0},{"start_s":173.92,"end_s":180.8,"text":"educators today and the first 200 people who head to brilliant.org techwiki will","speaker":null,"is_sponsor":0},{"start_s":178.4,"end_s":184.8,"text":"get 20 off an annual premium subscription","speaker":null,"is_sponsor":0},{"start_s":182.0,"end_s":189.519,"text":"so a firmware tpm runs its code on the same main CPU cores that run your other","speaker":null,"is_sponsor":0},{"start_s":187.36,"end_s":195.04,"text":"programs so a successful attack on something else the CPU is running could","speaker":null,"is_sponsor":0},{"start_s":192.08,"end_s":199.12,"text":"compromise the firmware tpm pluton on the other hand works by adding","speaker":null,"is_sponsor":0},{"start_s":196.64,"end_s":202.48,"text":"additional hardware that's on the CPU die but is separate from the main","speaker":null,"is_sponsor":0},{"start_s":200.72,"end_s":206.56,"text":"processing cores making it more difficult to attack even if the bad guy","speaker":null,"is_sponsor":0},{"start_s":204.56,"end_s":210.239,"text":"has physical access to the computer additionally microsoft is going to be","speaker":null,"is_sponsor":0},{"start_s":208.64,"end_s":213.76,"text":"responsible for issuing firmware updates for pluton rather than motherboard","speaker":null,"is_sponsor":0},{"start_s":211.84,"end_s":217.12,"text":"manufacturers who typically release new firmware versions","speaker":null,"is_sponsor":0},{"start_s":215.2,"end_s":221.519,"text":"much less frequently this should help keep computers safer from new and","speaker":null,"is_sponsor":0},{"start_s":219.2,"end_s":225.36,"text":"evolving threats the first pcs with pluton built in should start hitting","speaker":null,"is_sponsor":0},{"start_s":222.799,"end_s":230.72,"text":"store shelves in mid 2022 but pluton actually isn't 
even brand new the chips","speaker":null,"is_sponsor":0},{"start_s":227.84,"end_s":235.519,"text":"have actually been used since 2013 in xbox consoles to make it harder to play","speaker":null,"is_sponsor":0},{"start_s":233.04,"end_s":239.68,"text":"pirated titles which actually brings us to a concern some users have about","speaker":null,"is_sponsor":0},{"start_s":237.36,"end_s":245.28,"text":"pluton some fear that microsoft could use pluton to lock down pcs and exert","speaker":null,"is_sponsor":0},{"start_s":242.64,"end_s":250.879,"text":"too much control over what consumers can and cannot run on their own machines we","speaker":null,"is_sponsor":0},{"start_s":247.68,"end_s":252.72,"text":"do know that cpus with pluton will work","speaker":null,"is_sponsor":0},{"start_s":250.879,"end_s":256.88,"text":"and run on Linux but if you want pluton's extra features the specific","speaker":null,"is_sponsor":0},{"start_s":254.799,"end_s":261.28,"text":"Linux distro you're using would need to be enable support for those so the only","speaker":null,"is_sponsor":0},{"start_s":259.44,"end_s":266.16,"text":"time we'll tell if these concerns about pluton are warranted but i'm sure we can","speaker":null,"is_sponsor":0},{"start_s":263.36,"end_s":270.24,"text":"all agree that we trust microsoft right they made vista thanks for watching guys","speaker":null,"is_sponsor":0},{"start_s":268.88,"end_s":274.08,"text":"if you liked this video hit like hit subscribe and hit us up in the comment","speaker":null,"is_sponsor":0},{"start_s":271.919,"end_s":277.12,"text":"section with your ideas for topics that we should cover in the future","speaker":null,"is_sponsor":0}],"full_text":"when it launched Windows 11 confused a lot of people over its requirement that your pc have a security chip called a tpm or a trusted platform module but now microsoft wants to transition away from the tpm and instead implement its own security chip inside of upcoming cpus microsoft calls this new chip pluton 
but why is this a big deal it helps to first understand the limitations of the current tpm system tpms contain the keys needed to encrypt and decrypt data on your devices and they can either come in the form of a separate chip that sits on your motherboard you can actually buy them for for your desktop or as a firmware tpm which consists of code that hangs out either on your system's chipset or on the CPU itself most CPU platforms manufactured these days have some form of firmware tpm built in hence the reason microsoft says you're probably okay to upgrade to Windows 11 if you have a recently built pc but tpm is far from perfect it's certainly better than nothing but it turns out it's not particularly hard to defeat if an attacker knows what they're doing a key weakness can be found in the connection between the tpm and the BIOS you can actually connect a sniffing device to the pins on the tpm chip and obtain the key you're looking for in a matter of minutes of course you need physical access to the target pc in order to pull off an attack like this but seeing as how the tpm was meant to help protect computers even if a miscreant had physical access it's a pretty big liability but say you're running a firmware tpm implementation well these can still have their own vulnerabilities the well-publicized spectre and meltdown exploits have shown that attackers can grab data directly off a CPU even if that data is subject to enhanced security it can still be obtained such as in the platypus attack that bypasses Intel software guard extensions or sgx this feature is supposed to create a secured area of the processor but not only does platypus defeat it physical access isn't even required to attack the secured area pluton is in theory i just love that name supposed to go a long way toward solving these problems pluton doesn't use a separate chip at all instead it's baked directly onto the CPU die so there isn't a risk of snatching data off a communication bus like you can 
with a discrete tpm module but how is pluton different from firmware tpm since those also run directly on the CPU we'll tell you right after we thank brilliant for sponsoring this video brilliant is a website and app built around active learning trade boring long lectures for problem solving and interactive visuals there's over 60 courses on everything from astronomy to programming and one of our favorites is the calculus in a nutshell course it gives you a clear sense of the major pillars of calculus with new increased interactive sections join the community of over 10 million learners and educators today and the first 200 people who head to brilliant.org techwiki will get 20 off an annual premium subscription so a firmware tpm runs its code on the same main CPU cores that run your other programs so a successful attack on something else the CPU is running could compromise the firmware tpm pluton on the other hand works by adding additional hardware that's on the CPU die but is separate from the main processing cores making it more difficult to attack even if the bad guy has physical access to the computer additionally microsoft is going to be responsible for issuing firmware updates for pluton rather than motherboard manufacturers who typically release new firmware versions much less frequently this should help keep computers safer from new and evolving threats the first pcs with pluton built in should start hitting store shelves in mid 2022 but pluton actually isn't even brand new the chips have actually been used since 2013 in xbox consoles to make it harder to play pirated titles which actually brings us to a concern some users have about pluton some fear that microsoft could use pluton to lock down pcs and exert too much control over what consumers can and cannot run on their own machines we do know that cpus with pluton will work and run on Linux but if you want pluton's extra features the specific Linux distro you're using would need to be enable support for 
those so the only time we'll tell if these concerns about pluton are warranted but i'm sure we can all agree that we trust microsoft right they made vista thanks for watching guys if you liked this video hit like hit subscribe and hit us up in the comment section with your ideas for topics that we should cover in the future"}