←back to thread

The Dangers of Microsoft Pluton

(gabrielsieben.tech)
733 points gjsman-1000 | 4 comments | 26 Jul 22 03:46 UTC | HN request time: 0.002s | source
Show context
mjg59 ◴[26 Jul 22 16:48 UTC] No.32240713[source]
This is not a good article. At a technical level it's confused about a whole bunch of things:

* SMM has been part of x86 for decades. The Secured Core requirements around SMM actually reduce its power.

* The claimed requirement to remove the third party UEFI CA certificate from 2022 Secured Core PCs is entirely unrelated to Pluton (it's required regardless of whether Pluton is enabled or not, and even whether the CPU has Pluton or not)

* Most of the description of Pluton is actually a description of a TPM. You don't need DICE for remote attestation. TPMs are already a hardware keystore.

* System firmware is already being updated via Windows Update. The discussion about Pluton and Windows Update is around Pluton getting firmware updates that way (the existing story around firmware updates for TPMs is largely not good)

* Existing TPM-based remote attestation already includes the secure boot state

The short version: everything that the article is worried about being enabled by Pluton is already possible, and has been for years.

But there's a meaningful point here. Remote attestation can certainly be used to restrict access to resources in ways that are incompatible with general purpose computing, or which reduce user choice. Remote attestation can also be used to give end users confidence that their machine is in a good state without constraining what they do with it. As a technology, remote attestation can be used in both good and bad ways. We do need to keep track of whether anyone is threatening to use it in bad ways and react appropriately.

(But tbh remote attestation as an attack on general purpose computing isn't the really scary thing about widespread remote attestation. Remote attestation ties back to the TPM's endorsement key, an immutable cryptographic key certified by the TPM vendor at manufacturing time. The straightforward implementation of allowing arbitrary remote sites to trigger remote attestation would tie all of these accesses back to a single piece of hardware, and would be a privacy nightmare.)

replies(4): >>32240944 #>>32242883 #>>32245326 #>>32253456 #
userbinator ◴[26 Jul 22 23:26 UTC] No.32245326[source]
Arguing about the technicalities DOES NOT MATTER one bit about what the final outcome will be, and in fact appears to be a carefully calculated means of distraction.

everything that the article is worried about being enabled by Pluton is already possible, and has been for years.

There's a HUGE difference between "possible" and "very easy to deploy". https://news.ycombinator.com/item?id=29859106

replies(1): >>32245601 #
mjg59 ◴[27 Jul 22 00:13 UTC] No.32245601[source]
There's literally zero difference in how easy it is to deploy using Pluton and using existing TPMs.
replies(1): >>32245681 #
gjsman-1000 ◴[27 Jul 22 00:30 UTC] No.32245681[source]
This is partly true but its not quite. Think a little long-term here. Windows 10 ends support in just three years, in 2025. Windows 11 requires TPM 2.0, which was a big headache when Windows 11 was announced.

That means in three years, every supported PC will have TPM 2.0. Within ~1 year, assuming that Intel and AMD fulfill what they've implied in the launch announcement, every new PC will also come with Pluton.

That's a lot easier to deploy to compared to having some PCs with TPM, others without, some out-of-date on TPM 1.1, some with unpatched firmware (like the 2017 Infineon bug), so forth.

Now... some say, what about non-Windows systems, like macOS and Chrome? Think bigger for a second - Cisco (as an example) is in the Trusted Computing Group that designed a lot of this stuff, and Cisco Meraki is deployed in so many businesses for Wi-Fi security its incredible. All Cisco Meraki has to do (for example, maybe its not Cisco) is make a connection app that uses Pluton/TPM on Windows, Secure Enclave/T2 on macOS/iOS with Apple DeviceCheck, and SafetyNet on ChromeOS/Android. And you are all done - you've successfully made sure every new system is almost certainly untampered with. You've locked the door. For any system that can't be verified, no problems sending them to the IT Help Desk to be manually registered with a private key and sign a disclaimer.

It wasn't possible before, but five years from now, it will be much easier. Every Windows PC will be on the same page, and all major systems will have consistent assertion frameworks. Now, is Pluton wholly responsible? No. Windows 11 plays a role. Pluton just makes it broader and stronger, and Pluton also provides a long-term strengthening as eventually the TPM 2.0-only level will be able to be cut off for just Pluton.

replies(1): >>32245713 #
mjg59 ◴[27 Jul 22 00:37 UTC] No.32245713[source]
If your argument is "It's bad that all Windows systems will be guaranteed to have TPMs", then that's a reasonable argument to have! Everything that you're scared of here is 100% possible using TPMs (I have deployed hardware backed 802.1x certificates! I have made it impossible to get onto networks unless you have a TPM!), and Pluton doesn't change that. Making this about Pluton rather than about TPMs in general just means that people will believe they're somehow safe from the worst case outcome because they bought a CPU that doesn't have Pluton, when in reality if Microsoft decides to suddenly be extremely evil here they're going to be screwed over just as badly.
replies(2): >>32245788 #>>32245981 #
userbinator ◴[27 Jul 22 01:20 UTC] No.32245981[source]
Making this about Pluton rather than about TPMs in general just means that people will believe they're somehow safe from the worst case outcome because they bought a CPU that doesn't have Pluton

They certainly will be, if most people don't have Pluton. If only a minority have it, they wouldn't be able to even come close to requiring it.

replies(1): >>32246139 #
1. mjg59 ◴[27 Jul 22 01:53 UTC] No.32246139[source]
Which would do nothing to prevent them from rolling out draconian remote attestation technologies, if they wanted to.
replies(1): >>32246735 #
2. userbinator ◴[27 Jul 22 04:05 UTC] No.32246735[source]
Of course it would. The fact that almost no one has the hardware to attest, would mean trying to do that becomes extremely unpopular and shunned.
replies(2): >>32246788 #>>32246796 #
3. mjg59 ◴[27 Jul 22 04:14 UTC] No.32246788[source]
Windows 11 requires hardware that enables this capability. Any Windows certified client systems have required this since 2014. Pluton provides no attestation capabilities that are not present in TPMs.
4. gjsman-1000 ◴[27 Jul 22 04:17 UTC] No.32246796[source]
Windows has had TPM 2.0 since 2016, and remote attestation can be accomplished with the TPM only without Pluton being necessary. However, Pluton has its own issues and appears to make implementing attestations easier, by supporting different attestation protocols - and by potentially receiving new updates for that functionality later on. Pluton is also significantly stronger against attacks which have occurred on TPMs previously.

https://www.bleepingcomputer.com/forums/t/613941/tpm-20-is-m...