A few months ago Microsoft I present a security coprocessor denominated Pluton. This element is integrated into a processor, adding additional security to the system. This is positive, until they have detected that due to Pluto, can’t install linux on a laptop. Of course, this leads to a question, can Microsoft decide what I install on my computer?
The ThinkPad Z13 laptop makes use of the AMD Ryzen PRO 6860Z processor, which integrates the Microsoft Pluto coprocessor. The Ryzen PRO product range is focused on companies and professionals whose stored information is valuable. They add additional security measures to prevent possible information theft.
Microsoft Pluto, a constraint-based security coprocessor
The truth is that it is not the first time that Microsoft has been involved in a controversy by implementing restrictions. Windows 11 it requires very modern processors, according to Microsoft, for security. Also, to install this operating system you need a TPM module or that the motherboard integrates it.
Pluton It pretends to be one more solution for improve system security and avoid hacks. But the surprise has jumped when a user has tried to install Linux on a laptop that includes this element. He has tried to install several Linux distributions from a USB, but there was no way.
Trying to identify the problem, you have found thatand Pluto is preventing it. It seems that this security chip can only verifyr operating systems Windows through the UEFI certificate keys. This chip only trusts Microsoft’s UEFI keys, not those of third parties, such as those of Linux distributions.
It’s really not a matter of AMD or the manufacturer of the laptop, which is Lenovo. Here who acts in bad faith is Microsoftwho is publicly close to Linux and the Open Source community, but later limits its use. Precisely AMD gives a lot of support to free software, just look at FSR 2.0, which is open source. Lenovo, for its part, has always supported the Open Source community, offering laptops with different Linux distributions.
This means that given the default firmware settings, nothing but Windows will boot. It also means you won’t be able to boot from any third-party external peripherals that are connected via Thunderbolt. There is no security benefit to this.
– Matthew Garrett, security developer at Aurora
Be careful, because you start with Linux and…
Quite possibly that you can’t install a Linux distribution really doesn’t matter to you, and with good reason. But, this is a precedent that could be extended to other more general software. Imagine not being able to install Google Chrome, Firefox or Brave, that Microsoft forces you to use only Edge.
Let’s go over there. It could be the case that Microsoft reaches an agreement with Adobe and you can only use Photoshop on your Windows machine, not use the alternatives. That you can only use Microsoft Office and not OpenOffice, for example. I’m sure you can think of more alternatives.
This could also end the freedom to install mods on games or simply download them to try them out and decide if you want to buy it. In the end, Microsoft under the banner of security is limiting what you can do on your personal computer. It could start imposing restrictions that prevent access to software or even web pages.
A dangerous precedent, without a doubt.