Pluton is the new chip initiative that Microsoft announced with AMD, Intel and Qualcomm. Pluton is meant to improve the security of Windows systems in two key ways: First, by moving the Trusted Platform Module (TPM) from a separate chip into the central processing unit (CPU) itself. Second, by enabling Pluton for Windows computers to integrate with the Windows Update process for security firmware updates.
While these are good improvements, it’s easy to miss the deeper significance of this announcement in the technical minutiae. Pluton represents more than deep technical changes: it shows that Microsoft is still an industry giant that has the power to direct the fundamentals of the technology industry, and it is willing to do so in the interest of a trust-based vision that Gates outlined in 2002.
This mobilization of industry giants is reminiscent of Microsoft at the height of its power. There are many things truly new about today’s Microsoft, but this is a reminder that it is still a powerful force in the industry. Few other companies could point other players in directions like these and make it happen this broadly.
The directions Microsoft is dictating trace directly back to the TWC memo of 2002: specifically, the focus on trusted devices and the use of automatic updates to keep those devices secure.
In terms of trusted devices, Pluton builds on work that was first seen in Windows Vista in 2006 and the Xbox One in 2013. Windows Vista brought support for TPM into Windows for the first time, while the Pluton design itself was part of the Xbox One, itself an outgrowth of earlier work in Windows and TPM.
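Pluton weaves these two technology threads together into a fabric that also increases defenses against attacks on both CPUs and current TPM technology. Pluton can provide new defenses against the emerging class of hardware-based speculative execution attacks that we saw emerging in 2018 with Spectre and Meltdown. Moving the TPM into the CPU can also counter bus-based attacks on the TPM and its communication with the CPU, particularly those seen since 2019. Pluton is the latest move in the ongoing chess match between attackers and defenders, a dynamic that is critical to maintaining trusted devices.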
Windows Update has been a critical tool for Microsoft’s security since before the TWC memo, when it was first pressed into service during the Code Red attacks of 2001. After it showed its usefulness in helping counter those attacks, it became a central pillar in Microsoft’s security tactics and strategy and made its way into Gates’ memo.
While expanding Windows Update’s scope of protection as Microsoft is doing with Pluton is so logical that it seems unremarkable, that masks the significant legal, logistical, and technological difficulties this move entails. Put another way, this is a move that has literally been nearly 20 years in the making. It will happen at great cost, obligation, hassle and expense for Microsoft. And this is a move that has, at best, indirect financial benefit for the company, so it’s driven by trust rather than dollars.