HSP Pluton, the Security Processor Inside CPUs

HSP Pluton, the Security Processor Inside CPUs

During the presentation of the Hotchips regarding the Xbox Series X from Microsoft they talked about a new security processor called HSP Pluto, which will be implemented in future CPUs both x86 and ARM that run the Microsoft operating system. We tell you what the HSP Pluton is and how it will completely change the relationship between the hardware and the software it runs.

We live in an era where in recent years the tendency to restrict freedom in favor of security has appeared, which is still an imperative way of controlling lives. A trend that is also being carried out in the world of personal computers with the creation of fenced gardens.

What is the TPM on a PC?

Cabezal TPM placa base

To understand what Pluton is, we must first understand what the TPM or Trust Processor Module is, a name that translates as Trust Processor Module. But what do we understand by trust from the point of view of computing? In a personal relationship, trust refers to the level of security that two people have with each other in their relationships, for there to be trust there must be a consensus that one person trusts the other, hence the word trust.

But a computer is not a person, so trust in this case is based on giving a trust label to the software and equipping the hardware with a mechanism that makes it possible to only run what we call “signed” software or with trust. . That is, the software that the manufacturer of the same or the owner of the operating system with this can make it possible to run only the software with the trusted signature.

Activar TPM

In PC, the TPM is not found in the CPU, but in the same chipset of the motherboard and therefore it is an external element to the CPU itself, so a user with knowledge can take a logic analyzer next to a computer less than 50 euros and thereby alter the communication between the CPU and the TPM.

To date, no program on the PC is blocked in its execution by the TPM, but it acts during the startup of the same, so when we turn on the PC the only programs that run are those that have the confidence of the TPM, process which occurs until the operating system is loaded. This prevents a program from executing a PC reset without turning off the hardware that leads to the execution of malicious software.

What is Pluto and what are HSPs?

Pluton DRM

Pluton is what we call an HSP, where these acronyms mean High Security Processor or high security processor, this is defined by Microsoft as a security processor that lives inside another larger chip, which means that it will be integrated into the main processor, whatever the type. Being within where the processor is located then it is no longer possible to place a data analyzer to manipulate the operation of the TPM. In other words, an HSP can be defined as a highly integrated TPM.

Pluton DRM

Pluton is a design created by Microsoft where at the moment it is on a single platform that is close to Microsoft, but at the same time is foreign to the PC. It is on the Xbox Series X and Xbox Series S where the HSP Pluton has the ability to decide whether a program can be run on one of the two consoles or not. So it only allows the execution of programs signed by Microsoft itself for the console.

So with the HSP Pluton we are faced with a scenario in which we can only run software signed by Microsoft itself in our system. Which makes sense on a video game console as it is a closed ecosystem, but in principle on PC it shouldn’t make sense at all due to the open nature of the platform.

Microsoft wants to change its business model


Every new PC that we buy usually comes with a standard operating system, in 90% of the cases it is with Windows and Microsoft takes a good slice of it. On the other hand, thanks to the appearance of PostPC devices, a new business model has been created that consists of the following:

  • The operating system is given away, so it ceases to be a product by itself as it is integrated into the system and its features are sold as part of the integrated product.
  • In order to capitalize on the creator of the operating system, it launches an integrated application store, said application store has a monopoly on the distribution of software for said operating system.
  • Any product purchased through the application store brings with it a royalty for the owner of the platform.

Microsoft has tried in recent years to make a transition to the second business model with dire results for them, so the development of the HSP Pluton is key for the change in the business model by Microsoft for the future. In the same way that Pluto powers you on Xbox so you can only run signed software, the goal on PC is the same.

Are we really going to see the HSP Pluto on the PC?


Well, oddly enough, Microsoft has already confirmed that future APUs and CPUs from AMD and Intel will carry the HSP Pluton inside, so we are facing a piece that will be integrated into all PCs and that will change completely the rules of the PC, especially all those solutions that have to do with the boot of the same, which will completely affect the future options of the BIOS / UEFI.

It will reach the point where we will not be able to install the new version of Windows if we do not have a processor that contains the HSP Pluton inside it, since a future version of Windows as an operating system will require it to be able to run without problems.