Microsoft Is Making a Secure PC Chip—With Intel and AMD's Help - You will own nothing, and you will be happy


Ponchik

fake and gay
kiwifarms.net
Joined
Jan 31, 2018
The most sensitive parts of your computer have come to live in a distinct hardware component known as a "secure enclave." These chips are designed not only to keep hackers from accessing your system's crown jewels, but to establish a "root of trust," running cryptographic checks to ensure that no hacker has maliciously altered them. Historically, companies like Intel, AMD, and Qualcomm have developed their own versions of these protective tools. But now Microsoft is partnering with all three to create a new secure chip aimed at bringing enhanced security to the Windows masses.

It's early days still, but the idea is that eventually the Microsoft Pluton processor will come standard with mainstream CPUs as part of a "system on a chip," where all the main components of a computer are housed together for efficiency and speed. Apple announced last week that its new in-house M1 processor for Macs would take that approach, incorporating its security processor with the SoC rather than as a distinct T2 chip as in recent models. Apple's controlled, top-down ecosystem allows the company to push updates easily to nearly its entire population of products. The world of Windows isn't nearly as tidy. But Microsoft's goal with Pluton is to make root of trust protections ubiquitous despite the diverse range of manufacturers who license its operating system.

"What we’ve done here is we’ve said, let’s not change the nature of the PC ecosystem—keep the choice, keep the customer variety," says David Weston, Microsoft's director of enterprise and operating system security. "But when it matters, which is where your encryption keys are stored, how you boot the system, now Microsoft writes the code for Pluton and works with Intel or others to get it signed and delivered. So there are fewer people involved, and the PC is going to be more secure for it. The fact that Microsoft designed a processor and Intel is putting it in their CPU—that’s like a head-exploding concept."

Ubiquity comes with its own risks. Elements designed for security can quickly become a single point of failure if they can no longer be trusted themselves. That's not just a theoretical problem; weaknesses have been found in the secure enclaves of tech giants like Apple, Cisco, and Intel. But proponents emphasize that the mechanisms still raise baseline security for all devices that contain them, even if they sometimes prove fallible.

With this concern in mind, Microsoft views Pluton as an option that can be implemented in different ways by different silicon vendors. It can supplement, rather than replace, other secure enclaves that device manufacturers may want to use instead. For example, AMD says that its Security Processor will work alongside Pluton to act as the hardware root of trust for the silicon chips in a system and their firmware, while Pluton can provide the root of trust for Windows.

"Working with partners like Microsoft allows us to make an even bigger impact," AMD head of product security Jason Thomas said in a statement.

Microsoft also has specific past experience developing chips that resist attacks both digitally and physically. For almost a decade, Xbox gaming consoles have been a rare example of popular, ubiquitous devices that are difficult to hack and alter even when you can take the device apart and mess with its internals. Microsoft intentionally built Xbox systems to be difficult to "mod," and these defenses have been successful so far. Along with the company's secure internet-of-things service Azure Sphere, Xbox has helped Microsoft test the viability of a protection like Pluton.

Pluton also directly addresses a sophisticated avenue of attack against secure enclaves. Hackers have begun to target the internal connectors, or "buses," that link security chips to main computer processors, sniffing out ways that data might leak along the way. And processor makers, particularly Intel, have grappled with how to secure features like Intel’s SGX, which creates encrypted enclaves inside regular CPUs but has been repeatedly defeated. By working directly with chipmakers to add Pluton as a system-on-a-chip component, Microsoft aims to eliminate these attack vectors.

"We're trying to keep the hardware as simple as possible, that way there's not a big surface area," says Mike Nordquist, director of strategic planning and architecture for Intel's business client group. "The firmware is also easily updatable. And the cool part is this is all an evolution. When you shut down one avenue, the hackers are going to go somewhere else, so our goal is to bring the bar up every year and be ready for whatever comes next."

Pluton chips won't appear on CPUs for more than a year, but Nordquist says that Intel is actively working on the integration. And the company plans to offer the addition at low or no additional cost to make it possible for Pluton-equipped CPUs to truly proliferate whether a manufacturer is actively looking for such a feature or not.

Microsoft's Weston is realistic; he says no protection is foolproof, but he emphasizes that Microsoft and its Pluton partners are putting a lot of effort into striking a balance between developing sophisticated, capable hardware and leaving enough to firmware that they can still patch most bugs and vulnerabilities. If something's wrong with the chip itself, there's no such easy fix. Weston adds that Microsoft's Red Team has been hard at work trying to find Pluton's flaws. "They would love to have broken this in a way that would have made us rethink things," he says.
 

(not) y2k compliant

Zu Warriors from the Magic Mountain (1983)
kiwifarms.net
Joined
Feb 22, 2018
Remember kids, never get rid of your old PCs, you never know when you may need something without a security chip in it that you can still load FSF software on. Reason I hold on to my Phenom II still, one of the fastest chips you can get with no embedded ARM security processor, AMD started that bullshit with the FX line.
 

Never Scored

True & Honest Fan
kiwifarms.net
Joined
Aug 21, 2019
lol it's really going to get to the point where if you're any kind of hobbyist and like trying new operating systems or hacking your shit you're going to have to get a Raspberry Pi or Pinebook or one of those Odroid machines, isn't it? How far out is that? A decade?
 

Never Scored

True & Honest Fan
kiwifarms.net
Joined
Aug 21, 2019
Apple has you explicitly locked into their operating system when you buy an Apple Silicon Mac. Microsoft seems to be working on it with AMD and Intel. Apple forces you to go into settings every time you try to launch an unapproved app in OS X. Windows has the option to disable programs that aren't from the Microsoft store buried in settings. It's only a matter of time until the other shoe drops and you can only install stuff from app stores for your own protection by default on desktop PCs just like a phone or tablet. If we're lucky there'll be an option to turn it off buried in the settings like Android.
 

AmpleApricots

kiwifarms.net
Joined
Jan 28, 2018
> Apple has you explicitly locked into their operating system when you buy an Apple Silicon Mac. Microsoft seems to be working on it with AMD and Intel. Apple forces you to go into settings every time you try to launch an unapproved app in OS X. Windows has the option to disable programs that aren't from the Microsoft store buried in settings. It's only a matter of time until the other shoe drops and you can only install stuff from app stores for your own protection by default on desktop PCs just like a phone or tablet. If we're lucky there'll be an option to turn it off buried in the settings like Android.

I haven't used a proprietary OS in almost two decades now primarily and I can't even begin to imagine why "professional" people would put up with garbage like that. It seems almost too much already sometimes what kind of obfuscated, big-tech backed garbage "FOSS"-"Developers" and Linux distro maintainers try to push on you sometimes, but that stuff is quaint in comparison.
 

Never Scored

True & Honest Fan
kiwifarms.net
Joined
Aug 21, 2019
> I haven't used a proprietary OS in almost two decades now primarily and I can't even begin to imagine why "professional" people would put up with garbage like that. It seems almost too much already sometimes what kind of obfuscated, big-tech backed garbage "FOSS"-"Developers" and Linux distro maintainers try to push on you sometimes, but that stuff is quaint in comparison.

We're in this weird place where we have viable free, open-source alternatives, LibreOffice can do everything Microsoft Office can do, and LibreCAD can do most of the things AutoCAD LT can do, for example, but because they are not perfectly compatible with past documents created in their proprietary counterparts and the baby boomers in charge of everything have lost all plasticity from their brains and refuse to adapt to different software, most businesses are unwilling to switch.
 

Ponchik

fake and gay
kiwifarms.net
Joined
Jan 31, 2018
> Remember kids, never get rid of your old PCs, you never know when you may need something without a security chip in it that you can still load FSF software on. Reason I hold on to my Phenom II still, one of the fastest chips you can get with no embedded ARM security processor, AMD started that bullshit with the FX line.
i thought the fx lineup was the last one without the amd psp and the fx 8350 was the fastest non-pozzed cpu money could buy... except it's an fx cpu, so...

also i appreciate the sentiment, but of course, microsoft is hellbent on pozzing every single newly manufactured x86 cpu (with intel and amd's permission) from now until the heat death of the universe. eventually you're probably going to have to interact with a pc that's been tainted with this shitty draconian pluton chip. i couldn't find many people talking about this thing, which troubled the hell out of me - this is one of the most insidious things ms has done in years, and it's definitely one of the most evil tech headlines i've seen in a while. i really don't know what i'm going to do about buying a new cpu in the future, the last thing i want in my pc is fucking microsoft silicon. this is fucking palladium all over again and no1 currs

i'm tired of people pretending that ms is benign these days when i think they're even more vile now than they were under gates and ballmer. never forget the real big tech acronym:
[Image: 1564100253474.png]
 

(not) y2k compliant

Zu Warriors from the Magic Mountain (1983)
kiwifarms.net
Joined
Feb 22, 2018
> eventually you're probably going to have to interact with a pc that's been tainted with this shitty draconian pluton chip.

You're not wrong at all. I do foresee a future where some computing is done on "old world" hardware, and the rest done on a """""trusted""""" platform. Even if it's something as silly as playing a pirated game, I'm sure there will be a point of all binary needing to be verified before allowing to execute (see: Apple). Everything in computing and for that matter fucking human communication has a rather grim outlook, and I'm not even sure the old adage of "the only winning move is not to play" even works in real world practicality.
 

Agent Abe Caprine

Ass is where I berong
kiwifarms.net
Joined
Dec 16, 2019
> Apple has you explicitly locked into their operating system when you buy an Apple Silicon Mac. Microsoft seems to be working on it with AMD and Intel. Apple forces you to go into settings every time you try to launch an unapproved app in OS X. Windows has the option to disable programs that aren't from the Microsoft store buried in settings.
Microsoft attempted this a few years back with Windows 10 S. No one wanted it and only the most unfortunate used it.

Edit: There's an S mode. Just found that out. What kind of nutcase uses a mode that locks you out of installing Cataclysm?
 