Microsoft Pluton Processor

Spotted this article on security hardware which may be something of use to IPFire in the future?

Hi,

just to have my personal opinion written down here, I doubt this will be come interesting for IPFire in the future for various reasons:

  1. If you cannot rely on your hardware, it’s curtains - especially on a firewall
    We keep telling people running their firewall (no matter which one they use) in a virtualised environment is a bad idea in terms of security - although it is still better than not having a firewall at all :expressionless: -, and if I got the idea behind Pluton right, it is sort of an enhanced combination of a HSM and a TPM primarily for virtualised/cloud environments.
    Both of them are hilarious if you are running in a virtual environment: If the hypervisor knows or can guess the hash values for measured boot expected, it just returns them to the VM, pretending everything to be fine. Ultimately, one will never be sure if there even is a HSM, since the VM is already running on a software emulating hardware - so why not emulating the HSM/TPM/Pluton chip as well.

  2. Secure Boot is an ongoing desaster - why trust Microsoft on this one?
    Remember when Microsoft came up with UEFI and Secure Boot? Suddenly, a PC won’t boot the operating system you desired if it is not sort of approved by Microsoft. Officially aiming against so-called bootkits (powerful rootkits loading their own Windows kernels), this is actually another manifestation of Microsofts’ dominance in the PC market.
    If Secure Boot worked (it does not, for reasons explained below) and a TPM is in place (which is required for some features to work in modern Windows operating systems), why is Pluton necessary at all?
    Microsoft eventually accidentally leaked the key used for Secure Boot, nullifying the security effect this technique theoretically ever had. Aside from that, getting their distributions signed was an ongoing nuisance for Linux distributions, which is why IPFire decided not to waste any time on this.
    So, Pluton is the next hype in terms of hardware security then. Based on my experience, I am very skeptic about it.

  3. CPUs are too powerful already - Pluton makes things even worse
    We do have a problem with CPUs being too powerful and too hard to control by the operating system today - various CPU vulnerabilities come to mind, remote administration features which cannot be reliably disabled, suspicious Management Engines (Intel) or Platform Security Processors (AMD) having direct access to almost any data processed on the machine by design, etc. pp. - actually, ad nauseam.
    Pluton makes this mess even worse by it’s design.

Personally, I cannot think of a relevant use-case for IPFire, and if I could, I would not use Pluton for it.

Sorry for this rather disillusioning reply - I would have loved to be able to give you a more positive one.

Thanks, and best regards,
Peter Müller

2 Likes