WEBVTT

00:00:00.160 --> 00:00:06.480
when it launched Windows 11 confused a lot of people over its requirement that

00:00:04.000 --> 00:00:11.519
your pc have a security chip called a tpm or a trusted platform module but now

00:00:09.519 --> 00:00:16.880
microsoft wants to transition away from the tpm and instead implement its own

00:00:13.440 --> 00:00:19.039
security chip inside of upcoming cpus

00:00:16.880 --> 00:00:22.960
microsoft calls this new chip pluton

00:00:20.800 --> 00:00:28.720
but why is this a big deal it helps to first understand the limitations of the

00:00:25.279 --> 00:00:31.039
current tpm system tpms contain the keys

00:00:28.720 --> 00:00:35.120
needed to encrypt and decrypt data on your devices and they can either come in

00:00:33.120 --> 00:00:39.200
the form of a separate chip that sits on your motherboard you can actually buy

00:00:36.719 --> 00:00:43.600
them for your desktop or as a firmware tpm which consists of code that

00:00:41.920 --> 00:00:49.120
hangs out either on your system's chipset or on the CPU itself most CPU

00:00:47.200 --> 00:00:53.840
platforms manufactured these days have some form of firmware tpm built in hence

00:00:51.840 --> 00:00:59.440
the reason microsoft says you're probably okay to upgrade to Windows 11

00:00:55.920 --> 00:01:01.359
if you have a recently built pc but tpm

00:00:59.440 --> 00:01:04.720
is far from perfect it's certainly better than nothing but it turns out

00:01:02.800 --> 00:01:08.640
it's not particularly hard to defeat if an attacker knows what they're doing a

00:01:06.960 --> 00:01:13.119
key weakness can be found in the connection between the tpm and the BIOS

00:01:11.280 --> 00:01:17.040
you can actually connect a sniffing device to the pins on the tpm chip and

00:01:15.200 --> 00:01:20.720
obtain the key you're looking for in a matter of minutes of course you need

00:01:18.880 --> 00:01:24.880
physical access to the target pc in order to pull off an attack like this

00:01:22.400 --> 00:01:28.799
but seeing as how the tpm was meant to help protect computers even if a

00:01:26.640 --> 00:01:32.880
miscreant had physical access it's a pretty big liability

00:01:30.560 --> 00:01:35.680
but say you're running a firmware tpm implementation well

00:01:34.560 --> 00:01:39.520
these can still have their own vulnerabilities the well-publicized

00:01:37.600 --> 00:01:44.479
spectre and meltdown exploits have shown that attackers can grab data directly

00:01:41.920 --> 00:01:49.040
off a CPU even if that data is subject to enhanced security it can still be

00:01:46.320 --> 00:01:54.079
obtained such as in the platypus attack that bypasses Intel software guard

00:01:51.200 --> 00:01:59.040
extensions or sgx this feature is supposed to create a secured area of the

00:01:56.720 --> 00:02:04.240
processor but not only does platypus defeat it physical access isn't even

00:02:01.200 --> 00:02:06.640
required to attack the secured area

00:02:04.240 --> 00:02:11.680
pluton is in theory i just love that name supposed to go a long way toward

00:02:09.679 --> 00:02:17.360
solving these problems pluton doesn't use a separate chip at all instead it's

00:02:14.319 --> 00:02:19.200
baked directly onto the CPU die so there

00:02:17.360 --> 00:02:24.080
isn't a risk of snatching data off a communication bus like you can with a

00:02:21.120 --> 00:02:29.280
discrete tpm module but how is pluton different from firmware tpm since those

00:02:26.640 --> 00:02:32.560
also run directly on the CPU we'll tell you right after we thank

00:02:30.720 --> 00:02:36.720
brilliant for sponsoring this video brilliant is a website and app built

00:02:34.319 --> 00:02:40.640
around active learning trade boring long lectures for problem solving and

00:02:38.560 --> 00:02:44.480
interactive visuals there's over 60 courses on everything from astronomy to

00:02:42.480 --> 00:02:48.080
programming and one of our favorites is the calculus in a nutshell course it

00:02:46.640 --> 00:02:52.400
gives you a clear sense of the major pillars of calculus with new increased

00:02:50.239 --> 00:02:55.840
interactive sections join the community of over 10 million learners and

00:02:53.920 --> 00:03:00.800
educators today and the first 200 people who head to brilliant.org techwiki will

00:02:58.400 --> 00:03:04.800
get 20 off an annual premium subscription

00:03:02.000 --> 00:03:09.519
so a firmware tpm runs its code on the same main CPU cores that run your other

00:03:07.360 --> 00:03:15.040
programs so a successful attack on something else the CPU is running could

00:03:12.080 --> 00:03:19.120
compromise the firmware tpm pluton on the other hand works by adding

00:03:16.640 --> 00:03:22.480
additional hardware that's on the CPU die but is separate from the main

00:03:20.720 --> 00:03:26.560
processing cores making it more difficult to attack even if the bad guy

00:03:24.560 --> 00:03:30.239
has physical access to the computer additionally microsoft is going to be

00:03:28.640 --> 00:03:33.760
responsible for issuing firmware updates for pluton rather than motherboard

00:03:31.840 --> 00:03:37.120
manufacturers who typically release new firmware versions

00:03:35.200 --> 00:03:41.519
much less frequently this should help keep computers safer from new and

00:03:39.200 --> 00:03:45.360
evolving threats the first pcs with pluton built in should start hitting

00:03:42.799 --> 00:03:50.720
store shelves in mid 2022 but pluton actually isn't even brand new the chips

00:03:47.840 --> 00:03:55.519
have actually been used since 2013 in xbox consoles to make it harder to play

00:03:53.040 --> 00:03:59.680
pirated titles which actually brings us to a concern some users have about

00:03:57.360 --> 00:04:05.280
pluton some fear that microsoft could use pluton to lock down pcs and exert

00:04:02.640 --> 00:04:10.879
too much control over what consumers can and cannot run on their own machines we

00:04:07.680 --> 00:04:12.720
do know that cpus with pluton will work

00:04:10.879 --> 00:04:16.880
and run on Linux but if you want pluton's extra features the specific

00:04:14.799 --> 00:04:21.280
Linux distro you're using would need to enable support for those so only

00:04:19.440 --> 00:04:26.160
time will tell if these concerns about pluton are warranted but i'm sure we can

00:04:23.360 --> 00:04:30.240
all agree that we trust microsoft right they made vista thanks for watching guys

00:04:28.880 --> 00:04:34.080
if you liked this video hit like hit subscribe and hit us up in the comment

00:04:31.919 --> 00:04:37.120
section with your ideas for topics that we should cover in the future
