So actually Pluton is like the equivalent of Apple’s Security Enclave on Apple Silicon such as the M1 and beyond?
"Equivalent" is the wrong connotation. There is a common subset of things they do, but also substantive differences.
Pluton was mainly trying to be a "next gen" TPM solution. A proposed standard across implementations for security, but doing away with the aspect of being implemented as a discrete chip.
" ...
Microsoft Pluton is designed to provide the functionality of the Trusted Platform Module (TPM) and deliver other security functionality beyond what is possible with the TPM 2.0 specification, and allows for other Pluton firmware and OS features to be delivered over time via Windows Update. For more information, see Microsoft Pluton as TPM.
..."
Learn more about Microsoft Pluton security processor
learn.microsoft.com
Pluton doesn't throw out the UEFI boot process. Apple's approach does. Part of the security issue here is how does one validate the 'stack' of the root of trust all the way down to the hardware. How the boot firmware gets validated is part of the security issue. What is common here between "Secure Enclave" and "Pluton" is securing the communication path between the central processor and the 'helper' security processor by putting them all on the same die (hence no path for a man-in-the-middle attack).
Pluton is 'open enough' that there is some nominal Linux support.
www.phoronix.com
Portions of the "free software" base protested about TPM signed checks for operating systems, so protests against Pluton were not surprising. Putting the security subsystem inside the central processor package means it isn't 'optional' or a 'discrete add-on'. Folks' choices are more limited as to whether it is there or not.
So if I decide to want more security should I choose the Pluton machines or stick with the MacBook Pro which has the Security Enclave?
Choosing Pluton is mainly choosing Windows. It isn't so much a 'more security' issue, but a different boot security approach issue. Pluton is choosing Windows' boot security preferences and likely future requirements.
Choosing Apple's implementation is choosing Apple's boot preferences and requirements.
Intel's recent Lunar Lake has introduced a "Partner Security Engine". System vendors can implement a compatible Pluton implementation with it. Or something else if they think that "something else" is 'better' (what is 'better' varies among individuals/organizations). By Windows 13 (or so) an integrated security processor could be the evolution of the TPM 'functionality' requirement that Windows 11 laid down.
" ...
Dell, quoted by the Register, mentioned the following regarding Microsoft Pluton:
“Pluton does not align with Dell’s approach to hardware security and our most secure commercial PC requirements…as with all new technologies, we will continue to evaluate Pluton to see how it compares against existing TPM implementations in the future.”
..."
Find out about Microsoft Pluton — a new hardware security chip from Microsoft, and what challenges does it meet
www.starwindsoftware.com
Intel's vPro was another approach (and since Dell was at that time a super Intel fan, Pluton wasn't for them). What Microsoft is mainly doing with Pluton is trying to get some standard that would cross SoC vendor lines.
The general overall industry push toward 'passkeys' is only going to push for required 'secure key handler' hardware to just be present in all new systems. If buying something with a new SoC going forward there isn't going to be a gap here. [A long time ago a floating-point processor was an optional 'add-on' for PCs. Further back, PCs didn't necessarily have a GPU. Now those are basically assumed 'givens' in the PC space. Same thing about basic 'key handling' by the 2025 point.]