Official Microsoft Pluton announcement
TechCrunch article
Phoronix - Pluton Linux 6.3 support
What we know for a fact?
- Proprietary hardware blackbox inside your CPU which runs proprietary code.
- Chip-to-Cloud security - which means it’s connected to the internet.
- Has low level hardware access.
- Impossible to physically remove, flash or make sure it is bypassed.
- It’s advertised as TPM.
What are valid concerns to avoid it like a plague?
-
Breaking all encryption at once - is the biggest dream of all glowing agencies and governments around the world. Is there any better way of doing it than reading everything before it is encrypted, therefore completely bypassing end-2-end encryption by chip inside all CPUs on the market? Just like Apple already does with iOS and MacOS which means when you use any private messenger and talk with Apple user - your communication is already burned? That was rhetorical question.
-
Microsoft and all of it’s products are known worldwide for
security…Spyware, selling your data to feds and ad companies, and now they’ve conspired with ALL top most CPU manufacturers to always have full system access on absolute most possible variants of hardware people use daily, be it PC market or mobile market. -
Absolutely unremovable backdoor, which it’s already claimed to be a successor and logical conclusion of Intel ME and AMD PSP - known motherboard based backdoors that has full access to your system independently of OS, because it runs Minix. Both of those chips are likely runned by NSA, since according to whistleblowers all of their motherboards ordered aboard doesn’t have Intel ME / AMD PSP right from the factories, and there could be only one reason why. Given fact of massive corporate collusion - likely Pluton is the same, more sophisticated spyware grid.
-
Even if by miracle it’s not backdoor and only does what it actually advertised for (although there’s no way to check that for proprietary firmware) - what it certainly is - just another attack vector for bad actors, all similar chips become hackable and desired target for professionals and criminals, because it has full access to your system. Great example would be Apple T2 security chip which has unfixable 0 day - this way your system become significantly more vulnerable with such security chip without ability to mitigate it.
-
Chip that has full access to your system, meaning ability to read, write from memory and disk and access to the internet - can and therefore will at some point also be DRM and severe as violation of property rights in your own hardware, exactly the same way that Apple or XBOX does it already, meaning:
- You don’t have a license to run that.
- You can only install this.
- We have scanned your file and it’s outlawed, we’ve removed it and send cops your way.
What can we do to avoid it?
Action
Let’s face it - hardware backdoors is not a technical problem to solve, because everyone can’t use RISC-V or some fully free system by definition, it’s mass market and mass-surveillance + breaking of encryption that is targeted.
So only boycott, huge media campaign, huge backlash and complete removal could really successfully fight it. Make yourself heard through media, tech creators, forums, public campaigns etc.
RISC-V
RISC-V is the only free & open-source CPU specification, that allows to build fully open-source hardware including motherboards which is driven by open-source firmware!
It’s still early days, there are mostly boards comparable to consumer ARMs, some comparable to Intel Core i7 performance.
Please note that if something allows to be Free & Open-Source - it doesn’t meant conrete implementation will be - you have to do some research before buying RISC-V.
Best reference example of implementation so far are sifive boards.
Linux support is still beta on Debian, Arch and Gentoo.
POWER9
Great option, in case you have spare 4000$ you can go endorsed by FSF. No laptops!
Talos II Lite mainboard
Talos II Mainboard
x86 / ARM CPUs
Don’t buy any CPU released after 17 November 2020:
There’s no database or viable way to check before you buy, if you want to be 100% sure - don’t buy CPU that was released past the date when Pluton was first announced.
First known CPU on market were AMD Ryzen 6000 for laptops, since then at least for Intel AMD and Qualcomm assume every CPU should certainly be released with Pluton, however only AMD reports it.
To get fully FOSS system (no Pluton, no Intel ME, no AMD PSP):
- Vikings KGPE-D16 mainboard + AMD Opteron server CPU
- Old ThinkPad with preinstalled or manually installed LibreBoot
My personal initial reaction in the time of first hearing about it
May i say it?
Can i please say it?!?
F*CK MICROSOFT!!!
Burn in Hell