Dell opts out of Microsoft's Pluton security for Windows
This doesn't align with our approach, PC giant tells us
Yet another top-tier PC maker seemingly isn't interested right now in Microsoft's vision of hardware-level security for Windows 11 systems.
Dell won't include Microsoft's Pluton technology in most of its commercial PCs, telling The Register: "Pluton does not align with Dell's approach to hardware security and our most secure commercial PC requirements."
Microsoft launched to much fanfare its Pluton security layer for PCs in 2020 after developing it with Intel, AMD, and Qualcomm. Pluton effectively bakes a co-processor in silicon that securely stores encryption keys, credentials, and other sensitive information. The idea being that this data is kept close to the CPU cores, within the same processor package, thwarting attempts extract the secret info by, say, snooping an external bus.
It also allows Microsoft to define a base level of security features in the chips that Windows runs on. For instance, Pluton provides a Trusted Platform Module (TPM), a technology required by Windows 11.
The co-processor's origins trace back to the Xbox One gaming console in 2013, and later made it to Microsoft's Azure Sphere microcontroller for edge applications. But outside of homegrown hardware, Microsoft's still playing the waiting game.
Intel, for one, has not implemented Pluton in any 12th-Gen Intel Core processors, code-named Alder Lake. These chips instead come with their own Intel-designed TPM support.
Dell laptops coming soon with 12th-Gen Intel Core processors will therefore not use Pluton for their TPMs. The modules they will use, we're told, are certified by the Trusted Computing Group, and satisfy the FIPS 140-2 standard set by NIST.
"As with all new technologies, we will continue to evaluate Pluton to see how it compares against existing TPM implementations in the future," Dell's spokeswoman said. Dell also provides its own additional security, implemented at the hardware and software level, to defend customers against attacks, she added.
Reading between the lines: Dell isn't shipping PCs with processors featuring Pluton, and it's not, one way or another, in a position to be onboard with the tech.
Over to Lenovo
Lenovo told The Register its Intel-powered ThinkPads "will not support Microsoft Pluton at launch."
But ThinkPads introduced in January with AMD Ryzen 6000 processors will include Pluton as it's present in those AMD chips, though the feature will be disabled by default. AMD has provided an option for users to turn the feature on and off. Lenovo's ThinkPad X13s, which has Qualcomm's Arm-compatible Snapdragon 8cx Gen3 chip, includes Pluton.
HP declined to answer questions on its stand on Pluton, saying it doesn't comment on future or unannounced products.
Microsoft told The Register Pluton is a community effort with top silicon designers to develop a secure platform that can keep up with modern threats.
A spokesperson warned that lead times in semiconductors are long, giving as an example the drawn-out process to implement things like USB 4 in laptops. Typically hardware technologies take years to define before the chips are actually made and soldered to shipping computers. In other words, though Pluton was announced about a couple of years ago, don't expect it in silicon everywhere already.
"Microsoft and our partners are giving customers the flexibility and choice to configure Pluton to meet their specific needs. Microsoft is committed to working with partners and customers in the coming months and years to continue to bolster security with Pluton," the spokesperson said.
- For those worried about Microsoft's Pluton TPM chip: Lenovo won't even switch it on by default in latest ThinkPads
- Windows giant seeks Pluton-ic relationship with chipmaker: AMD first out of the gates with Microsoft's security processor
- Microsoft brings Trusted Platform Module functionality directly to CPUs under securo-silicon architecture Pluton
- AMD reminds everyone it's still doing Threadrippers
Specifically, Pluton can act as a TPM 2.0, and can also be used as an embedded security processor used for non-TPM scenarios to provide additional protections to a device.
"With Pluton, our partners have the choice and flexibility in offering Pluton with or without a third-party TPM," Microsoft's spokesperson said.
The big concern among users is the presence of a Microsoft chip in a PC, and the concept of "chip-to-cloud security," which could help the software maker exert more control of systems across the entire stack. Pluton security features can be kept updated through Windows Update. ®