The first Windows 11 devices equipped with the Microsoft Pluton security chip unveiled at CES

In January 2020, Microsoft announced the launch of the Microsoft Pluton security chip, which will be integrated into Intel, AMD, and Qualcomm processors.

The purpose of Microsoft’s research and development of this security chip is to reduce the available attack surface of Windows PCs, thereby improving device security and reducing the impact of security issues.

In fact, this security chip has been integrated into Microsoft Xbox and Microsoft Azure Sphere before, and then expanded to the desktop platform.

At CES2022, the first devices that integrate the security chip have been unveiled, including Thinkpad Z13/16 equipped with AMD RYZEN 6000 series.

The trusted platform module can significantly improve the security of the system, but the problem is that the trusted platform module and the processor are separated, so the intermediate channel can be used for attacks.

Researchers did find a way to steal data, which is to hijack the security key when it is transmitted between the trusted platform module and the processor to obtain the key.

In the research case, the researcher succeeded in stealing the Microsoft Bitlocker encryption key, thereby decrypting the hard drive encrypted by BL to obtain data.

The Microsoft Pluton security chip is used to enhance security, and its main manifestation is that it is too difficult to steal data from the channel directly integrated into the processor.

This security chip can simulate a trusted platform module and directly process the security key in the central processing unit, and can perform tasks with a higher security level.

According to Microsoft, the chip can also provide protection during the startup process, encryption keys, and processing credentials, preventing malware and other attacks from gaining access.

Lenovo has launched ThinkPad Z13 and Z16 equipped with AMD RYZEN 6000 series, combining the security solutions of Microsoft and AMD to improve device security.

Including the security layered method based on AMD PRO and the integration of Microsoft security chip to realize the powerful security of the full link from chip to cloud for Windows 11 PC.

These Lenovo devices also support fingerprint recognition, and the fingerprint reader data will be protected by Microsoft’s security chip, making it difficult for attackers to crack biometric verification.

Of course, the price of these devices is not cheap, Z13 uses an AMD RYZEN PRO U processor, 32GB LPDDR5 memory, 1TB PCIe 4.0 SSD.