Microsoft hardware limits the software you can use on your PC
A few months ago Microsoft introduced a security coprocessor called Pluto. This element is integrated into a processor, adding additional security to the system. This is positive, until they have discovered that due to Pluto, I cannot install Linux on a laptop. This of course leads to a question, can Microsoft decide what I install on my computer
The ThinkPad Z13 laptop makes use of the AMD Ryzen PRO 6860Z processor, which integrates the Microsoft Pluto coprocessor. The Ryzen PRO product range is focused on companies and professionals whose stored information is valuable. They add additional security measures to prevent possible information theft.
Microsoft Pluto, a constraint-based security coprocessor
The truth is that it is not the first time that Microsoft has been involved in a controversy for implementing restrictions. Windows 11 requires very modern processors, according to Microsoft, for security. In addition, to install this operating system you need a TPM Module or that the motherboard integrates it.
Pluto It aims to be one more solution to improve system security and prevent hacking. But the surprise has jumped when a user has tried to install Linux on a laptop that includes this element. He has tried to install various Linux distributions from a USB, but there was no way.
Trying to identify the problem, he has found that Pluto is preventing it. It seems that this security chip can only verify windows operating systems via UEFI Certificate Keys. This chip only trusts Microsoft UEFI keys, not third-party ones, such as those for Linux distributions.
It’s not really a question of AMD or the manufacturer of the laptop, which is Lenovo. Here who acts in bad faith is Microsoft, which is publicly close to Linux and the open source community, but later limits its use. Precisely AMD gives a lot of support to free software, just look at FSR 2.0, which is open source. Lenovo, for its part, has always supported the Open Source community, offering laptops with different Linux distributions.
This means that given the default firmware settings, only Windows will boot. It also means you won’t be able to boot from any third-party external peripherals that are connected via Thunderbolt. There is no security benefit to this.
– Matthew Garrett, security developer at Aurora
Be careful, because you start with Linux and…
It’s quite possible that you won’t be able to install a Linux distro that you don’t really care about, and for good reason. But, this is a precedent that could be extended to other more general software. Imagine not being able to install Google Chrome, Firefox or Brave, which Microsoft forces you to use only Edge.
We’re going over there. It could be the case that Microsoft strikes a deal with Adobe and you can only use Photoshop on your Windows machine, not use the alternatives. That you can only use Microsoft Office and not OpenOffice, for example. I’m sure you can think of more alternatives.
This could also end the freedom to install mods on games or just download them to try them out and decide if you want to buy them. In the end, Microsoft, under the guise of security, is limiting what you can do on your personal computer. It could start imposing restrictions that prevent access to software or even web pages.
A dangerous precedent, no doubt.