Indkøbskurv
0
0,00 kr.

Microsoft´s - Microprocessor

2025-03-23

Microprocessors: CPU + GPU + APU + NPU

Why, CPU got done to, be your AL  by: 

USA´s - Microsoft??




USA/GB Version!

Microsoft Pluton security processor
  • Article
  • 07/15/2024
  • 3 contributors
  • Applies to:✅ Windows 11

In this article

  1. What is Microsoft Pluton?
  2. How can Pluton help customers?
  3. Microsoft Pluton security architecture overview
  4. Firmware load flow
Show 2 more

Microsoft Pluton security processor is a chip-to-cloud security technology built with Zero Trust principles at the core.

Microsoft Pluton provides hardware-based root of trust, secure identity, secure attestation, and cryptographic services. 

Pluton technology is a combination of a secure subsystem, which is part of the System on Chip (SoC) and Microsoft authored software that runs on this integrated secure subsystem.

Microsoft Pluton is currently available on devices with AMD Ryzen® 6000, 7000, 8000, Ryzen AI and Qualcomm Snapdragon® 8cx Gen 3 and Snapdragon X series processors. Microsoft Pluton can be enabled on devices with Pluton capable processors running Windows 11, version 22H2 and later.

What is Microsoft Pluton?

Designed by Microsoft and built by silicon partners, Microsoft Pluton is a secure crypto-processor built into the CPU for security at the core to ensure code integrity and the latest protection with updates delivered by Microsoft through Windows Update. Pluton protects credentials, identities, personal data, and encryption keys. Information is significantly harder to be removed even if an attacker installs malware or has complete physical possession of the PC.

Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) and deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for other Pluton firmware and OS features to be delivered over time via Windows Update. 

For more information, see Microsoft Pluton as TPM.

Pluton is built on proven technology used in Xbox and Azure Sphere, and provides hardened integrated security capabilities to Windows 11 devices in collaboration with leading silicon partners. For more information, see Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs.

How can Pluton help customers?

Pluton is built with the goal of providing customers with better end-to-end security experiences. It does so by doing three things:

  1. Zero-trust security and reliability: Customer security scenarios often span devices and cloud services. Windows PCs and services like Microsoft Entra and Intune need to work harmoniously together to provide frictionless security. Pluton is designed, built and maintained in close collaboration with teams across Microsoft to ensure that customers get both high security and reliability.
  2. Innovation: Pluton platform and the functionality it provides is informed by customer feedback and Microsoft's threat intelligence. As an example, Pluton platforms in 2024 AMD and Intel systems will start to use a Rust-based firmware foundation given the importance of memory safety.
  3. Continuous improvement: Pluton platform supports loading new firmware delivered through operating system updates. This functionality is supported alongside the typical mechanism of UEFI capsule updates that update the Pluton firmware that is resident on the system's SPI flash and loaded during early system boot. The additional support for dynamically loading valid new Pluton firmware through operating system updates facilitates continuous improvements both for bug fixes and new features.

A practical example: 

zero-trust security with device-based conditional access policies

An increasingly important zero-trust workflow is conditional access – gating access to resources like Sharepoint documents based on verifying whether requests are coming from a valid, healthy source. Microsoft Intune, for example, supports different workflows for conditional access including device-based conditional access which allows organizations to set policies that ensure that managed devices are healthy and compliant before granting access to the organization's apps and services.

To ensure that Intune gets an accurate picture about the device's health as part of enforcing these policies, ideally it has tamper-resistant logs on the state of the relevant security capabilities. This is where hardware security is critical as any malicious software running on the device could attempt to provide false signals to the service. One of the core benefits of a hardware security technology like the TPM, is that it has a tamper-resistant log of the state of the system. Services can cryptographically validate that logs and the associated system state reported by the TPM truly come from the TPM.

For the end-to-end scenario to be truly successful at scale, the hardware-based security is not enough. Since access to enterprise assets is being gated based on security settings that are being reported by the TPM logs, it is critical that these logs are available reliably. Zero-trust security essentially requires high reliability.

With Pluton, when it is configured as the TPM for the system, customers using conditional access get the benefits of Pluton's security architecture and implementation with the reliability that comes from the tight integration and collaboration between Pluton and other Microsoft components and services.

Microsoft Pluton security architecture overview


Expand table Description
Hardware Pluton Security Processor is a secure element tightly integrated into the SoC subsystem. 

It provides a trusted execution environment while delivering cryptographic services required for protecting sensitive resources and critical items like keys, data, etc.

Firmware Microsoft authorized firmware provides required secure features and functionality, and exposes interfaces that operating system software and applications can use to interact with Pluton. 

The firmware is stored in the flash storage available on the motherboard. When the system boots, the firmware is loaded as a part of Pluton Hardware initialization. 

During Windows startup, a copy of this firmware (or the latest firmware obtained from Windows Update, if available) is loaded in the operating system. For more information, see Firmware load flow

Software Operating system drivers and applications available to an end user to allow seamless usage of the hardware capabilities provided by the Pluton security subsystem.




Pluton Security subsystem consists of the following layers:

Expand table Description

Hardware Pluton Security Processor is a secure element tightly integrated into the SoC subsystem. 

It provides a trusted execution environment while delivering cryptographic services required for protecting sensitive resources and critical items like keys, data, etc.

Firmware Microsoft authorized firmware provides required secure features and functionality, and exposes interfaces that operating system software and applications can use to interact with Pluton. The firmware is stored in the flash storage available on the motherboard. 

When the system boots, the firmware is loaded as a part of Pluton Hardware initialization. During Windows startup, a copy of this firmware (or the latest firmware obtained from Windows Update, if available) is loaded in the operating system. 

For more information, see Firmware load flow.

Software Operating system drivers and applications available to an end user to allow seamless usage of the hardware capabilities provided by the Pluton security subsystem.

Firmware load flow.

When the system boots, Pluton hardware initialization is performed by loading the Pluton firmware from the Serial Peripheral Interface (SPI) flash storage available on the motherboard. 

During Windows startup however, the latest version of the Pluton firmware is used by the operating system. 

If newer firmware isn't available, Windows uses the firmware that was loaded during the hardware initialization. 

This diagram illustrates this process:


Windows edition and licensing requirements

The following table lists the Windows editions that support Microsoft Pluton.


The Source: Microsoft.

Best Regards


Kenneth Enevold Nielsen-Shin

Denmark

Adopted from SouthKorea since, the year, 1972, for July to Jutland by Denmark´s own Danish Parents. To be consequense a child with the epilepsy (Granmal, Version) with, Full power, effekt!!

2025: Simple, Compleks-version (Simple Version) Small attacks, epilepsy effect. 

 (Pico, Mal Version)

Thanks

United States!






Danish version!

Microsoft Pluton sikkerhedsprocessor

Artikel15/07/20243 bidragydere

Gælder for:✅ Windows 11
I denne artikelHvad er Microsoft Pluton?Hvordan kan Pluton hjælpe kunder?Microsoft Pluton sikkerhedsarkitektur oversigtFirmware load flowVis 2 mereMicrosoft Pluton-sikkerhedsprocessor er en chip-til-sky-sikkerhedsteknologi bygget med Zero Trust-principper i kernen. Microsoft Pluton leverer hardwarebaseret root of trust, sikker identitet, sikker attestation og kryptografiske tjenester. Pluton-teknologi er en kombination af et sikkert undersystem, som er en del af System on Chip (SoC) og Microsoft-forfattet software, der kører på dette integrerede sikre undersystem.
Microsoft Pluton er i øjeblikket tilgængelig på enheder med AMD Ryzen® 6000, 7000, 8000, Ryzen AI og Qualcomm Snapdragon® 8cx Gen 3- og Snapdragon X-seriens processorer. Microsoft Pluton kan aktiveres på enheder med Pluton-kompatible processorer, der kører Windows 11, version 22H2 og nyere.
Hvad er Microsoft Pluton?Designet af Microsoft og bygget af siliciumpartnere, Microsoft Pluton er en sikker kryptoprocessor, der er indbygget i CPU'en til sikkerhed i kernen for at sikre kodeintegritet og den seneste beskyttelse med opdateringer leveret af Microsoft gennem Windows Update. Pluton beskytter legitimationsoplysninger, identiteter, personlige data og krypteringsnøgler. Oplysninger er betydeligt sværere at fjerne, selvom en hacker installerer malware eller har fuldstændig fysisk besiddelse af pc'en.
Microsoft Pluton er designet til at levere funktionaliteten af ​​Trusted Platform Module (TPM) og levere anden sikkerhedsfunktionalitet ud over, hvad der er muligt med TPM 2.0-specifikationen, og giver mulighed for, at andre Pluton-firmware- og OS-funktioner kan leveres over tid via Windows Update. For mere information, se Microsoft Pluton som TPM.
Pluton er bygget på gennemprøvet teknologi, der bruges i Xbox og Azure Sphere, og giver hærdede integrerede sikkerhedsfunktioner til Windows 11-enheder i samarbejde med førende siliciumpartnere. For mere information, se Mød Microsoft Pluton-processoren – sikkerhedschippen designet til fremtiden for Windows-pc'er.
Hvordan kan Pluton hjælpe kunder?Pluton er bygget med det mål at give kunderne bedre end-to-end sikkerhedsoplevelser. Det gør den ved at gøre tre ting:
Sikkerhed og pålidelighed uden tillid: Kundesikkerhedsscenarier spænder ofte over enheder og cloud-tjenester. Windows-pc'er og tjenester som Microsoft Entra og Intune skal arbejde harmonisk sammen for at give friktionsfri sikkerhed. Pluton er designet, bygget og vedligeholdt i tæt samarbejde med teams på tværs af Microsoft for at sikre, at kunderne får både høj sikkerhed og pålidelighed.Innovation: Pluton-platformen og den funktionalitet, den leverer, er baseret på kundefeedback og Microsofts trusselsintelligens. Som et eksempel vil Pluton-platforme i 2024 AMD- og Intel-systemer begynde at bruge et Rust-baseret firmwarefundament givet vigtigheden af ​​hukommelsessikkerhed.Kontinuerlig forbedring: Pluton-platformen understøtter indlæsning af ny firmware leveret gennem operativsystemopdateringer. Denne funktionalitet understøttes sideløbende med den typiske mekanisme for UEFI-kapselopdateringer, der opdaterer Pluton-firmwaren, der findes på systemets SPI-flash og indlæses under tidlig systemstart. Den ekstra support til dynamisk indlæsning af gyldig ny Pluton-firmware gennem operativsystemopdateringer letter løbende forbedringer både for fejlrettelser og nye funktioner.Et praktisk eksempel: nul-tillidssikkerhed med enhedsbaserede politikker for betinget adgangEn stadig vigtigere nul-tillid-workflow er betinget adgang – portadgang til ressourcer som Sharepoint-dokumenter baseret på at verificere, om anmodninger kommer fra en gyldig, sund kilde. Microsoft Intune understøtter for eksempel forskellige arbejdsgange for betinget adgang, herunder enhedsbaseret betinget adgang, som giver organisationer mulighed for at sætte politikker, der sikrer, at administrerede enheder er sunde og kompatible, før de giver adgang til organisationens apps og tjenester.
For at sikre, at Intune får et præcist billede af enhedens helbred som en del af håndhævelsen af ​​disse politikker, har den ideelt set manipulationssikre logfiler over de relevante sikkerhedsfunktioners tilstand. Det er her hardwaresikkerhed er kritisk, da enhver ondsindet software, der kører på enheden, kan forsøge at give falske signaler til tjenesten. En af kernefordelene ved en hardwaresikkerhedsteknologi som TPM er, at den har en manipulationssikker log over systemets tilstand. Tjenester kan kryptografisk validere, at logfiler og den tilhørende systemtilstand, der rapporteres af TPM, virkelig kommer fra TPM.
For at ende-til-ende-scenariet virkelig bliver succesfuldt i skala, er den hardwarebaserede sikkerhed ikke nok. Da adgang til virksomhedsaktiver bliver gated baseret på sikkerhedsindstillinger, der rapporteres af TPM-logfilerne, er det afgørende, at disse logfiler er tilgængelige pålideligt. Zero-trust sikkerhed kræver i bund og grund høj pålidelighed.

Pluton Security-undersystemet består af følgende lag:


Hardware Pluton Security Processor er et sikkert element, der er tæt integreret i SoC-undersystemet. 

Det giver et pålideligt eksekveringsmiljø, mens det leverer kryptografiske tjenester, der er nødvendige for at beskytte følsomme ressourcer og kritiske elementer som nøgler, data osv.

Firmware Microsoft-autoriseret firmware giver nødvendige sikre funktioner og funktionalitet og afslører grænseflader, som operativsystemsoftware og -applikationer kan bruge til at interagere med Pluton. Firmwaren er gemt i flashlageret, der er tilgængeligt på bundkortet. 

Når systemet starter, indlæses firmwaren som en del af Pluton Hardware initialisering. 

Under Windows-start indlæses en kopi af denne firmware (eller den seneste firmware fra Windows Update, hvis tilgængelig) i operativsystemet. 

For mere information, se Firmware-belastningsflow

Software Operativsystemdrivere og applikationer, der er tilgængelige for en slutbruger for at muliggøre problemfri brug af hardwarefunktionerne leveret af Pluton-sikkerhedsundersystemet.

Firmware load flow

Når systemet starter, udføres Pluton-hardwareinitialisering ved at indlæse Pluton-firmwaren fra det Serial Peripheral Interface (SPI) flashlager, der er tilgængeligt på bundkortet. 

Under opstart af Windows bruges den seneste version af Pluton-firmwaren dog af operativsystemet. 

Hvis nyere firmware ikke er tilgængelig, bruger Windows den firmware, der blev indlæst under hardwareinitialiseringen. 

Dette diagram illustrerer denne proces:

Pluton Security-undersystemet består af følgende lag:




Beskrivelse

Hardware Pluton Security Processor er et sikkert element, der er tæt integreret i SoC-undersystemet. 

Det giver et pålideligt eksekveringsmiljø, mens det leverer kryptografiske tjenester, der er nødvendige for at beskytte følsomme ressourcer og kritiske elementer som nøgler, data osv.

Firmware Microsoft-autoriseret firmware giver nødvendige sikre funktioner og funktionalitet og afslører grænseflader, som operativsystemsoftware og -applikationer kan bruge til at interagere med Pluton. Firmwaren er gemt i flashlageret, der er tilgængeligt på bundkortet. 

Når systemet starter, indlæses firmwaren som en del af Pluton Hardware initialisering. 

Under Windows-start indlæses en kopi af denne firmware.

(eller den seneste firmware fra Windows Update, hvis tilgængelig) i operativsystemet. 

For mere information, se Firmware-belastningsflow.


Software Operativsystemdrivere og applikationer, der er tilgængelige for en slutbruger for at muliggøre problemfri brug af hardwarefunktionerne leveret af Pluton-sikkerhedsundersystemet.

Firmware load flow

Når systemet starter, udføres Pluton-hardware initialisering ved at indlæse Pluton-firmwaren fra det Serial Peripheral Interface (SPI) flashlager, der er tilgængeligt på bundkortet. 

Under opstart af Windows bruges den seneste version af Pluton-firmwaren dog af operativsystemet. 

Hvis nyere firmware ikke er tilgængelig, bruger Windows den firmware, der blev indlæst under hardware initialiseringen. 

Dette diagram illustrerer denne proces:

Diagram, der viser Microsoft Pluton Firmware load flow

Windows-udgave og licenskrav

Følgende tabel viser de Windows-udgaver, der understøtter Microsoft Pluton:


Windows-udgave og licenskrav

Følgende tabel viser de Windows-udgaver, der understøtter Microsoft Pluton.

Kilden: Microsoft.


Bedste hilsner

Kenneth Enevold Nielsen-Shin

Danmark

Adopteret fra Sydkorea siden, året 1972, for juli til Jylland af Danmarks egne danske forældre. 

At være til konsekvens, et barn med epilepsi (Granmal, Version) med, fuld kraft, effekt!!

2025: Simple, Komplekse-version (Simple Version) Små angreb, epilepsieffekt (Pico, Mal Version)

Tak!

USA




Share