Microsoft has announced its Pluton processor, a forthcoming chip that lives apart from the main CPU and which will be available in future Windows 10 PCs.
The Microsoft Pluton processor is designed to improve protections against physical attacks and stop attackers stealing user credentials and encryption keys with malware. The chip should also help systems recover from software bugs.
Essentially, the Pluton chip is a Trusted Platform Module (TPM) that's isolated from the rest of the system to help protect encryption keys from attacks on the speculative execution process in CPUs[1].
Microsoft promises Pluton will make it easier to keep system firmware up to date, for example, in cases when TPM firmware for separate security processors is required.
In Intel's case, the Pluton processor will ship with future chips but will be isolated from their cores. However, at present there's no precise timeline for the appearance of the first Intel chips containing the Pluton security processor.
Pluton will be integrated with the Windows Update process on Windows 10 PCs, according to Microsoft. The chip is an up-dateable platform for running firmware that implements end-to-end security that is authored, maintained, and updated by Microsoft.
The firmware updates will follow the same process that the Azure Sphere Security Service uses to connect to IoT devices.
Microsoft notes that the Pluton design was in fact introduced as part of the integrated hardware and OS security capabilities in its Xbox One game console with AMD chips released in 2013, and also within Azure Sphere.
"Our question was how could we build the most secure PC by taking advantage of the best hardware Intel and others have and integrating that into the operating system. This is really the next evolution," David Weston, Microsoft's partner director of enterprise and OS security, told ZDNet.