[HN Gopher] "Microsoft Pluton Hardware Security Coming to Our CP...
       ___________________________________________________________________
        
       "Microsoft Pluton Hardware Security Coming to Our CPUs": AMD,
       Intel, Qualcomm
        
       Author : vanburen
       Score  : 75 points
       Date   : 2020-11-23 20:25 UTC (2 hours ago)
        
 (HTM) web link (www.anandtech.com)
 (TXT) w3m dump (www.anandtech.com)
        
       | intricatedetail wrote:
        | Call me sceptical, but I hope m$ is not pulling Apple tricks to
        | lock computers to their OS. Is this open source? Will consumers be
        | able to audit it down to the silicon level?
        
         | gotstad wrote:
         | They already said it is OS agnostic. MS 2020 is far away from
         | MS 2010.
         | 
         | With regards to the auditing need, can you audit a CPU down to
         | the silicon level today?
        
         | Asmod4n wrote:
          | Apple allows you to boot any OS you want on their Apple silicon
          | Macs (as long as you have uploaded the key so it can verify the
          | kernel you tell it to boot).
        
       | gruez wrote:
       | Isn't this basically fTPM (basically software TPM implemented in
       | the trusted execution environment of the CPU) that both AMD and
       | Intel already offer?
        
         | warkdarrior wrote:
         | It'll be built into the CPU, instead of having a separate chip,
         | and seems to have secret-management functionality for user-
         | specified keys, biometrics, etc.
        
       | azalemeth wrote:
       | A previous HN link is here --
       | https://news.ycombinator.com/item?id=25131431 -- which links to
       | MS's original press release --
       | https://www.microsoft.com/security/blog/2020/11/17/meet-the-....
       | 
        | That article explicitly states that it was designed originally
        | for the Xbox. I worry that it's going to be a very anti-consumer,
        | anti-free-speech, DRM-heavy chip that MS want to popularise as an
        | alternative to the (still hated in some circles) TPM. Why else
        | would they design it for the Xbox, of all things? Is it aimed to
        | stop speculative execution attacks on a cloud server, or provide
        | Level 4 DRM to Widevine's as-yet-unannounced competitor?
        
         | gotstad wrote:
         | How do you see it being anti-free-speech?
        
         | [deleted]
        
         | dpoochieni wrote:
         | Imagine it being capable of enforcing something like which
         | executables you are able to load... Quite in the vein of Apple
         | sending the executables hash to some random server
        
       | mtgx wrote:
       | > chip-to-cloud security
       | 
        | I assume this also means _cloud_-to-chip, which means it might
        | give Microsoft/NSA the ability to tap into it at will "from the
        | cloud"?
       | 
       | After all, Windows 10's tracking features were like a longtime
       | wishlist from the FBI/NSA, so I wouldn't be surprised if this is
       | their "...one more thing" in the same vein.
        
       | imbuhuo wrote:
       | Locking out other OSes isn't a main goal of Pluton (although
       | technically it can), there are just too many issues (hey
       | Infineon, Intel and Qualcomm I am looking at you) with existing
       | dTPM and fTPM implementations.
        
       | darzu wrote:
       | I worked extensively with Pluton when I was employed on Azure
       | Sphere (an IoT platform marketed as highly secure and composed of
        | a Linux-based OS, ARM SoC, and cloud service). I might be able to
       | answer questions about this.
       | 
        | Here's a blog by the engineer lead on Azure Sphere that discusses
        | Pluton: https://azure.microsoft.com/en-us/blog/anatomy-of-a-secured-...
       | 
       | Disclaimer: I still work at MSFT but in a different org.
        
         | yellowapple wrote:
         | The pressing concern for me: what does this mean for non-
         | Windows operating systems running on Pluton-equipped systems?
         | Will there be a possibility for non-Windows software to use
         | Pluton's features?
        
           | darzu wrote:
           | I can only comment on the technical details I know of, not
           | the business objectives of the parties involved.
           | 
           | From a technical standpoint, Azure Sphere's OS was built on
           | Linux. As far as I know, there isn't anything Windows
           | specific to Pluton. Pluton was a separate (heavily-modified)
           | ARM M4 core which we interfaced with from the main A7 core
           | via a secure mailbox channel, which was again OS agnostic.
        
         | chem83 wrote:
         | Greetings!
         | 
          | - Was Pluton based on an RTOS or is it running on bare-metal on
          | top of the M4?
          | - Is the architecture on the i.MX8-based Sphere the same as the
          | one on MT3620?
          | - Does the Security Subsystem running on the Cortex-A's secure
          | world have any relationship with Pluton? Is the Security
          | Subsystem running on top of the Sphere's modified Linux kernel
          | like the normal world is?
         | 
         | Thanks, cheers!
        
           | darzu wrote:
            | 1. Bare-metal
            | 2. I only worked with the MT3620 so I cannot comment on others
            | 3. Pluton would boot the A7's Secure World which would then
            | boot A7 normal world. Secure World and Pluton interfaced
            | regularly but they're fundamentally different code and
            | purposes.
           | 
           | Hope that helps!
        
         | cm2187 wrote:
         | A TPM integrated into the CPU makes sense (and I am puzzled why
         | TPMs aren't a standard feature of all MB given the modest
         | cost). But what about that diagram in the article with a link
         | to the cloud? Will this thing phone home outside of the control
         | of the OS?
        
           | darzu wrote:
           | In Azure Sphere, Pluton didn't do any direct network
           | communication, that was all handled by the main core. Also
           | there was no cellular so the whole system depended on user
           | interaction to get online.
           | 
           | When the main core wanted to talk to the Azure Sphere cloud
           | service (from Linux user land), it would go through a remote
           | attestation process that involved Pluton. Pluton can securely
           | track what software was booted on the main core (called
            | "measured boot") and it basically sends a hash of that to the
           | cloud to prove to the cloud what software is currently
           | running.
           | 
           | So I imagine the chip-to-cloud thing they're talking about is
           | this remote attestation protocol.
           | 
           | Also, it's possible the term "Pluton" has been expanded to
           | refer to more than just the M4 chip we used in Azure Sphere.
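
A worked simulation of the measured-boot and remote-attestation flow darzu
describes above. This is an added example, not Azure Sphere or Pluton code:
the boot component names, the per-device key, the use of HMAC in place of an
asymmetric signature, and the verifier's rejection messages are all
constructed assumptions. It shows the three properties the comment relies
on: the host core can extend the measurement register but not rewind it, the
signing key never leaves the security core object, and the cloud side can
tell released software from modified software, a wrong boot order, or a
replayed quote.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for the images a device boots (bootloader, kernel, rootfs).
GOOD_COMPONENTS = [b"bootloader-v1", b"kernel-5.4-sphere", b"rootfs-v1"]
TAMPERED_COMPONENTS = [b"bootloader-v1", b"kernel-5.4-sphere", b"rootfs-v1-modified"]

# Constructed per-device key. On real hardware it lives in fuses/ROM and the
# host core can only ask the security core to use it, never read it.
DEVICE_KEY = b"constructed-per-device-secret"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """Measured-boot register update: PCR' = H(PCR || digest).
    The chain is order-dependent and cannot be rewound to a chosen value."""
    return sha256(pcr + digest)


class PlutonSim:
    """Simulated security core. The host only gets measure() and quote();
    the key stays private to this object."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pcr = bytes(32)  # register starts at all-zero on reset

    def measure(self, component: bytes) -> None:
        """Record a component before it runs (the host hands over the image)."""
        self._pcr = extend(self._pcr, sha256(component))

    def quote(self, nonce: bytes):
        """Attest the current register, bound to the verifier's nonce.
        HMAC stands in for the asymmetric signature real hardware would produce."""
        mac = hmac.new(self._key, b"quote|" + nonce + self._pcr, hashlib.sha256).digest()
        return self._pcr, mac


class CloudVerifier:
    """Cloud side: knows the device key (provisioned at manufacture) and the
    measurement of the released software; accepts a quote only if it is fresh,
    authentic and matches that measurement."""

    def __init__(self, device_key: bytes, released_components):
        self._key = device_key
        expected = bytes(32)
        for component in released_components:
            expected = extend(expected, sha256(component))
        self._expected_pcr = expected
        self._outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, pcr: bytes, mac: bytes) -> str:
        if nonce not in self._outstanding:
            return "rejected: unknown or replayed nonce"
        self._outstanding.discard(nonce)  # single use
        expected_mac = hmac.new(self._key, b"quote|" + nonce + pcr, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected_mac):
            return "rejected: quote not signed by this device"
        if not hmac.compare_digest(pcr, self._expected_pcr):
            return "rejected: software measurement does not match release"
        return "accepted"


def run_attestation(components) -> str:
    """One full exchange: boot (measure each image), get a challenge, answer it."""
    verifier = CloudVerifier(DEVICE_KEY, GOOD_COMPONENTS)
    core = PlutonSim(DEVICE_KEY)
    for component in components:
        core.measure(component)
    nonce = verifier.challenge()
    pcr, mac = core.quote(nonce)
    return verifier.verify(nonce, pcr, mac)


def run_replay():
    """Same quote presented twice: the second presentation must fail."""
    verifier = CloudVerifier(DEVICE_KEY, GOOD_COMPONENTS)
    core = PlutonSim(DEVICE_KEY)
    for component in GOOD_COMPONENTS:
        core.measure(component)
    nonce = verifier.challenge()
    pcr, mac = core.quote(nonce)
    return verifier.verify(nonce, pcr, mac), verifier.verify(nonce, pcr, mac)


if __name__ == "__main__":
    print("released software :", run_attestation(GOOD_COMPONENTS))
    print("modified rootfs   :", run_attestation(TAMPERED_COMPONENTS))
    print("wrong boot order  :", run_attestation(list(reversed(GOOD_COMPONENTS))))
    print("replayed quote    :", run_replay())
```

The verifier checks the nonce first, then the signature, then the
measurement, so a stale or forged quote is rejected before the software
policy is even consulted. Because the register value depends on the order
of extends, the same three images booted in a different order produce a
different measurement and are rejected as well.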
        
         | Asmod4n wrote:
          | So.. this basically means swapping your CPU gets rid of
          | anything you stored on its "TPM", or can it be backed up to
          | the TPM of your mainboard and restored to the new one you
          | install?
        
           | darzu wrote:
           | I think the whole idea here is that Pluton will be integrated
           | inside of the same physical chip as the CPU. So physically
           | swapping CPUs would swap your Pluton core too.
           | 
           | But the Pluton I know of didn't really have any writeable
           | storage. It had some special ROM and fuses that it uses
           | internally for its private keys but that's basically it.
        
         | carlsborg wrote:
          | 1. Is this specific to Azure Sphere CPUs? Or are general
          | purpose Intel CPUs going to have this capability?
         | 
         | 2. If the latter, "Every piece of software on an Azure Sphere
         | device must be signed by Microsoft." what does the OS interface
         | look like?
        
       | skohan wrote:
       | Is Pluton specifically Windows related? Will this affect how easy
       | it is to run Linux on hardware using Pluton?
        
         | wmf wrote:
         | Booting Linux is really a policy question, not technical.
        
           | skohan wrote:
           | Is it a policy question without Pluton? I.e. will this allow
           | hardware vendors additional means to prevent me from
           | installing Linux?
        
             | qayxc wrote:
             | > will this allow hardware vendors additional means to
             | prevent me from installing Linux?
             | 
             | No. Pluton serves as an on-chip secure enclave for
             | encryption keys and the like. This is unrelated to
             | installing operating systems.
        
               | 1vuio0pswjnm7 wrote:
               | Will the final purchaser of the computer chip, i.e., the
               | consumer, have access to the enclave?
        
         | smarx007 wrote:
          | I don't think so; given how much share Linux has on Azure, it
          | simply would not be a wise move.
        
         | chungus_khan wrote:
         | If Qualcomm is implementing it, I'm sure it will on a technical
         | level. Linux is important to AMD and Intel, but Linux-running
         | devices represent nearly all of Qualcomm's non-embedded SOC
         | market.
         | 
         | Whether vendors can use it to restrict such things, I don't
         | think anyone can say right now, but I would guess and hope not.
         | The TPM does not.
        
           | wahern wrote:
           | If Qualcomm is implementing it then it should be easy enough
           | to break. Qualcomm's secure enclave software for Android has
           | had an absolutely abysmal security track record. Apple gets
           | all the press precisely because it's such an achievement
           | (well, that and Apple is more well known). Qualcomm hacks
           | have come out like every 6 months for nearly a decade, and
           | nobody cares anymore.
        
             | merb wrote:
              | Well, Apple's enclave is broken as well.
              | https://arstechnica.com/information-technology/2020/10/apple...
              | 
              | Well, at least it needs physical access.
        
               | wahern wrote:
               | FWIW, I meant Apple secure enclave hacks get all the
               | attention because they're more of an achievement, at
               | least in terms of published hacks being more rare. I
               | tried to keep track of published Qualcomm breaks--which
               | usually don't require physical access as they involve
               | classic software bugs--several years ago but gave up
               | because they were too numerous yet not as widely
               | publicized. I had plenty of fodder by then, though I try
               | to take mental note of new breaks that [briefly] appear
               | on HN or elsewhere.
               | 
               | I was keeping track of hacks for marketing material
               | related to a security startup I was working on. The
               | competition would have principally been smartphone-based
               | authentication apps, both Android and iPhone.
        
         | neerajsi wrote:
          | In the embodiment I've seen, it's an ARM M-class core with some
         | special crypto hardware and certain registers that allow the
         | use of crypto keys without software running on the core ever
         | seeing the key. There's a communication channel to the rest of
         | the system, which is completely OS-agnostic.
         | 
          | In Azure Sphere, Windows is nowhere in sight. The device runs a
          | Linux kernel.
        
           | smarx007 wrote:
            | Is this replacing the Cortex A5 used for the PSB?
            | https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-...
        
         | noch wrote:
         | Do the kids remember Microsoft's ghastly Palladium, from 2
         | decades ago?
         | 
         | >Known Elements of the Palladium System:
         | 
         | > The system purports to stop viruses by preventing the running
         | of malicious programs. The system will store personal data
         | within an encrypted folder.
         | 
         | > _The system will depend on hardware that has either a digital
         | signature or a tracking number._
         | 
         | > The system will filter spam. The system has a personal
         | information sharing agent called "My Man."
         | 
         | > The system will incorporate Digital Rights Management
         | technologies for media files of all types (music, documents,
         | e-mail communications). Additionally, the system purports to
         | transmit data within the computer via encrypted paths
         | 
         | https://epic.org/privacy/consumer/microsoft/palladium.html
        
         | [deleted]
        
       | [deleted]
        
       | shmerl wrote:
       | _> What the Pluton project from Microsoft and the agreement
       | between AMD, Intel, and Qualcomm will do is build a TPM-
       | equivalent directly into the silicon of every Windows-based PC of
       | the future._
       | 
       | CPUs with security modules controlled by MS? Who will guarantee
       | it won't be abused against non MS systems and users?
        
         | roywiggins wrote:
         | How many Qualcomm CPUs run Windows?
        
           | mixedCase wrote:
           | Not that I think Pluton will be a problem for Linux (as in,
           | one that won't be present on Windows also) but AFAIK Qualcomm
           | and Microsoft had partnered to not only run Windows on ARM,
           | but to run x86 software on ARM Windows.
        
           | wyldfire wrote:
           | Not many, but it's a growing market. Much of the Windows-on-
           | ARM market is Qualcomm SoCs.
        
       ___________________________________________________________________
       (page generated 2020-11-23 23:00 UTC)