1
00:00:00,160 --> 00:00:06,480
when it launched Windows 11 confused a lot of people over its requirement that

2
00:00:04,000 --> 00:00:11,519
your PC have a security chip called a TPM or a Trusted Platform Module but now

3
00:00:09,519 --> 00:00:16,880
Microsoft wants to transition away from the TPM and instead implement its own

4
00:00:13,440 --> 00:00:19,039
security chip inside of upcoming CPUs

5
00:00:16,880 --> 00:00:22,960
Microsoft calls this new chip Pluton

6
00:00:20,800 --> 00:00:28,720
but why is this a big deal it helps to first understand the limitations of the

7
00:00:25,279 --> 00:00:31,039
current TPM system TPMs contain the keys

8
00:00:28,720 --> 00:00:35,120
needed to encrypt and decrypt data on your devices and they can either come in

9
00:00:33,120 --> 00:00:39,200
the form of a separate chip that sits on your motherboard you can actually buy

10
00:00:36,719 --> 00:00:43,600
them for your desktop or as a firmware TPM which consists of code that

11
00:00:41,920 --> 00:00:49,120
hangs out either on your system's chipset or on the CPU itself most CPU

12
00:00:47,200 --> 00:00:53,840
platforms manufactured these days have some form of firmware TPM built in hence

13
00:00:51,840 --> 00:00:59,440
the reason Microsoft says you're probably okay to upgrade to Windows 11

14
00:00:55,920 --> 00:01:01,359
if you have a recently built PC but TPM

15
00:00:59,440 --> 00:01:04,720
is far from perfect it's certainly better than nothing but it turns out

16
00:01:02,800 --> 00:01:08,640
it's not particularly hard to defeat if an attacker knows what they're doing a

17
00:01:06,960 --> 00:01:13,119
key weakness can be found in the connection between the TPM and the BIOS

18
00:01:11,280 --> 00:01:17,040
you can actually connect a sniffing device to the pins on the TPM chip and

19
00:01:15,200 --> 00:01:20,720
obtain the key you're looking for in a matter of minutes of course you need

20
00:01:18,880 --> 00:01:24,880
physical access to the target PC in order to pull off an attack like this

21
00:01:22,400 --> 00:01:28,799
but seeing as how the TPM was meant to help protect computers even if a

22
00:01:26,640 --> 00:01:32,880
miscreant had physical access it's a pretty big liability

23
00:01:30,560 --> 00:01:35,680
but say you're running a firmware TPM implementation well

24
00:01:34,560 --> 00:01:39,520
these can still have their own vulnerabilities the well-publicized

25
00:01:37,600 --> 00:01:44,479
Spectre and Meltdown exploits have shown that attackers can grab data directly

26
00:01:41,920 --> 00:01:49,040
off a CPU even if that data is subject to enhanced security it can still be

27
00:01:46,320 --> 00:01:54,079
obtained such as in the Platypus attack that bypasses Intel Software Guard

28
00:01:51,200 --> 00:01:59,040
Extensions or SGX this feature is supposed to create a secured area of the

29
00:01:56,720 --> 00:02:04,240
processor but not only does Platypus defeat it physical access isn't even

30
00:02:01,200 --> 00:02:06,640
required to attack the secured area

31
00:02:04,240 --> 00:02:11,680
Pluton is in theory I just love that name supposed to go a long way toward

32
00:02:09,679 --> 00:02:17,360
solving these problems Pluton doesn't use a separate chip at all instead it's

33
00:02:14,319 --> 00:02:19,200
baked directly onto the CPU die so there

34
00:02:17,360 --> 00:02:24,080
isn't a risk of snatching data off a communication bus like you can with a

35
00:02:21,120 --> 00:02:29,280
discrete TPM module but how is Pluton different from firmware TPM since those

36
00:02:26,640 --> 00:02:32,560
also run directly on the CPU

45
00:03:02,000 --> 00:03:09,519
so a firmware TPM runs its code on the same main CPU cores that run your other

46
00:03:07,360 --> 00:03:15,040
programs so a successful attack on something else the CPU is running could

47
00:03:12,080 --> 00:03:19,120
compromise the firmware TPM Pluton on the other hand works by adding

48
00:03:16,640 --> 00:03:22,480
additional hardware that's on the CPU die but is separate from the main

49
00:03:20,720 --> 00:03:26,560
processing cores making it more difficult to attack even if the bad guy

50
00:03:24,560 --> 00:03:30,239
has physical access to the computer additionally Microsoft is going to be

51
00:03:28,640 --> 00:03:33,760
responsible for issuing firmware updates for Pluton rather than motherboard

52
00:03:31,840 --> 00:03:37,120
manufacturers who typically release new firmware versions

53
00:03:35,200 --> 00:03:41,519
much less frequently this should help keep computers safer from new and

54
00:03:39,200 --> 00:03:45,360
evolving threats the first PCs with Pluton built in should start hitting

55
00:03:42,799 --> 00:03:50,720
store shelves in mid 2022 but Pluton actually isn't even brand new the chips

56
00:03:47,840 --> 00:03:55,519
have actually been used since 2013 in Xbox consoles to make it harder to play

57
00:03:53,040 --> 00:03:59,680
pirated titles which actually brings us to a concern some users have about

58
00:03:57,360 --> 00:04:05,280
Pluton some fear that Microsoft could use Pluton to lock down PCs and exert

59
00:04:02,640 --> 00:04:10,879
too much control over what consumers can and cannot run on their own machines we

60
00:04:07,680 --> 00:04:12,720
do know that CPUs with Pluton will work

61
00:04:10,879 --> 00:04:16,880
and run on Linux but if you want Pluton's extra features the specific

62
00:04:14,799 --> 00:04:21,280
Linux distro you're using would need to enable support for those so only

63
00:04:19,440 --> 00:04:26,160
time will tell if these concerns about Pluton are warranted but I'm sure we can

64
00:04:23,360 --> 00:04:30,240
all agree that we trust Microsoft right they made Vista thanks for watching guys
