Microsoft Hardware-Embedded Question

Hopefully this is being asked in the appropriate place. :crazy_face:

Actually, I’m not sure if I’m even asking the question in a sensible manner! I’ll try…

I need to buy a new computer, desktop or laptop. Computers pre-installed with Microsoft appear to be less expensive and there are some good ones at Costco. However, I’ll wipe anything with Windows on first boot, or even pull the drive and put my own in.

I have heard people talk about how MS has embedded their stuff on a chip to any computer pre-installed with Windows. Is this true, and what are the privacy risks? Would such an arrangement have telemetry that remains even after wiping the OS?

Hopefully this doesn’t come across as weird. I don’t have a high threat model, but I’m still well aware of privacy risks regardless of security risks. It’s just a personal preference, I try to remain MS (and other) free.

If you are at this level of distrust, I’d say it would be better to get a device from a Linux manufacturer instead. There’s Slimbook, System76, Tuxedo, Purism, and Framework.

Someone can include the others I don’t know about.

For me, I am split between Slimbook, System 76 and Framework, though I won’t need a new laptop for probably another 5 years as I have a Lenovo workstation.

But I’m not at your level of distrust, though I kinda feel like I should be now :weary:

I’d say you better NOT get any device at all.

At least the one that has a CPU produced after 17 November 2020.

So this would mean proprietary MS tech is actually a part of every CPU, even for those like System76 who manufacture their own computers but rely on Intel or AMD CPUs.

The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU.

In other words, perhaps it doesn’t matter what rig you purchase, so buy what makes the most sense and run whatever OS you desire.

I’m thankful, then, that I do not have a real threat model and just personal preference and convictions around privacy!


Pretty much…
:clown_face: :earth_africa:

You can use some old ThinkPad or, if you're brave enough, RISC-V in its raw state…which is not wise just yet :upside_down_face:
It’s really hard to find a decent laptop with a CPU from before Pluton right now, unless it’s refurbished or used.

Deadly mistake btw, coz when it comes to privacy / security - everyone has real threat model…just not YET :rofl:

Actually I was thinking about Framework…meaning obtaining the latest one and changing its board, but nobody sells their motherboards + CPUs so far :slightly_frowning_face:

Pluton can be turned off in UEFI BIOS settings. Not sure if this feature is available on all manufacturers' hardware, but I know of many where it is.

Edit: As a further note, it is my understanding that commercial products from Lenovo and Dell come with this feature disabled in the BIOS.


It can be disabled as well as privacy toggles in Windoze 10 :rofl:

It’s true that they claim to do so, but in a trust-me-bro fashion.
No user can prove or verify it, unfortunately, because it’s a literal black box inside the CPU.


My suggestion would be to get hardware with a Ryzen 5000 series CPU.


Little black box is just another chip.


Totally agree with this, it’s like being ahead of the curve!

I wonder how Coreboot might facilitate this… :thinking:

So far Libreboot, Coreboot and most importantly Qubes OS are silent on that…So I wouldn’t hold my breath, it seems like not something to be controlled via firmware / software.

Interesting stuff I’m finding now that I have a Pluton name to research. Affirmed that Dell and Lenovo did not implement Pluton (https://arstechnica.com/gadgets/2022/03/dell-says-microsofts-pluton-security-chip-isnt-right-for-its-business-pcs/), not certain if that remains true but it seems logical that it would. Then I found this for what it’s worth:

And this one is a bit strange, and not sure how reliable the headline remains:

But maybe that’s why you suggest the AMD Ryzen 5000 series, @ricklinux?

No, because 5000 doesn’t have Pluton at all, at least those that were out before 17 November 2020, if you can find a laptop that has it of course…
It’s best to go desktop, if you can.

All those systems will boot on Linux no problem I’m sure…except the problem of having M$ Pluton :rofl:

With proprietary software, we have no idea.

Maybe nothing. Maybe everything.

I specifically just finished building my PC with the best Ryzen 5000 series chip ever made (Ryzen 9 5950x) as it may be the last computer I have for many many years.

Yes. Every single processor. No matter the final destination.

If freedom and privacy are things you value, look older than brand new.


You’ll have to figure out how much you believe MSI firmware security, but the MSI Delta 15 spec wise for a laptop is a gem.

One of these is much more probable than the other.

It’s similar to saying.

Maybe F@c3b00k didn’t intend to be the government’s best friend for violating privacy. Maybe they did. :eyes:

AMD supports Ryzen PRO 6000 processors with Linux, including partnering with select Linux distribution vendors on certifications for OEM products. The Pluton security co-processor built into our Ryzen 6000 processors does not prohibit platforms from running Linux. Some OEM systems initially shipped with Windows may need to reconfigure their systems to boot Linux. To enable booting Linux on a platform that was shipped with Windows, a user can either:

  1. Enable the Microsoft 3rd Party UEFI CA in the UEFI secure boot database.

  2. Disable UEFI secure boot.

Some OEMs have provided guidance for their specific platforms. A document from Lenovo is posted here.
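
A way to check which of the two options above already applies on a running Linux system, as an added example that is not part of the quoted AMD statement or of any post in this thread. It assumes a UEFI-booted Linux with efivarfs mounted at the usual path, and it assumes the third-party CA is the certificate named "Microsoft Corporation UEFI CA 2011", matched as raw bytes inside the DER data.

```python
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")  # assumption: efivarfs mounted here
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE
DB_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"  # image security database
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # EFI_CERT_X509_GUID
# Assumption: CN of the 2011 third-party CA; adjust if your firmware uses another.
THIRD_PARTY_CN = b"Microsoft Corporation UEFI CA 2011"


def secure_boot_enabled(raw: bytes) -> bool:
    # efivarfs prepends a 4-byte attribute field; the SecureBoot value is one byte.
    return len(raw) >= 5 and raw[4] == 1


def x509_entries(raw: bytes):
    """Yield DER certificates from the EFI_SIGNATURE_LISTs in a db variable."""
    data, pos = raw[4:], 0
    while pos + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[pos:pos + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, pos + 16)
        if list_size < 28 or sig_size <= 16 or pos + list_size > len(data):
            break  # malformed or truncated list: stop rather than misparse
        entry = pos + 28 + hdr_size
        while entry + sig_size <= pos + list_size:
            if sig_type == X509_GUID:
                yield data[entry + 16:entry + sig_size]  # skip SignatureOwner GUID
            entry += sig_size
        pos += list_size


def third_party_ca_trusted(raw_db: bytes) -> bool:
    # Only X.509 entries count; hash-type lists are ignored by x509_entries().
    return any(THIRD_PARTY_CN in cert for cert in x509_entries(raw_db))


def report() -> str:
    sb = (EFIVARS / f"SecureBoot-{GLOBAL_GUID}").read_bytes()
    db = (EFIVARS / f"db-{DB_GUID}").read_bytes()
    if not secure_boot_enabled(sb):
        return "Secure Boot disabled: option 2 already applies"
    if third_party_ca_trusted(db):
        return "Secure Boot on, third-party CA in db: option 1 already applies"
    return "Secure Boot on, third-party CA missing: enable it in firmware setup"


if __name__ == "__main__":
    print(report())
```
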

This is a nice laptop if it interests you.

Too new, that’s 7000 chip. Guaranteed Pluton.

They would need 5000 or older.