Security-related FAQ

Information on "Meltdown" and "Spectre"

Recent press coverage concerns weaknesses in the speculative-execution design of modern processors, known as "Meltdown" and "Spectre". They could be exploited by malware to read memory that the attacking program is not supposed to access, and so may be used for unwanted access to, and even theft of, business or private data.

So far, however, no cases have been reported of these vulnerabilities being exploited in the wild. To keep the risk to a minimum, install all current updates for your operating system: the Meltdown mitigation is delivered by the operating system alone, while part of the Spectre mitigation also needs an updated processor microcode, which reaches the system through a BIOS update or through the operating system.

We are currently investigating to what extent Shuttle products are affected by variants that cannot be patched by software updates alone. Should BIOS updates be required, we will provide them as soon as possible and keep you informed about their availability.

Spectre/Meltdown: Second BIOS update available

Update 2018-03-27: Many Shuttle products with or for Kaby Lake processors are now receiving a further update to close the "Spectre" vulnerability. Updated BIOS versions for devices based on this platform are available in the download section of Shuttle Headquarters.

The new versions contain the updated microcode (revision 0x84) for the Kaby Lake platform that Intel has provided to its hardware partners.

The update with microcode revision 0xC2 for our Skylake-based Mini-PCs, provided back in January, is still current, so those devices are covered (see list below).

:!: Note that every one of these updates only gives the best possible protection in combination with an up-to-date operating system that itself receives the latest patches. The new microcode adds the branch-control features (IBRS, IBPB, STIBP) that the operating system uses to mitigate Spectre variant 2 (CVE-2017-5715); without an operating system that makes use of them, flashing the BIOS changes nothing.

You can access the downloads here: https://global.shuttle.com/support/download
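To verify on a Linux system that the microcode actually in use is at least the revision named above, the following added example (not Shuttle's or Intel's code) parses /proc/cpuinfo and the kernel's sysfs vulnerability status. The minimum revisions are the two quoted on this page; the assignment of CPUID signatures (family/model/stepping) to "Skylake LGA1151" and "Kaby Lake LGA1151" is this example's own assumption, and other Skylake/Kaby Lake steppings (for instance the -U mobile parts in the XPC nano and slim ULV models) have their own revision numbers that are not on this page. The sample input is constructed.

```python
"""Check the loaded microcode revision and kernel mitigation status.
Added example; not part of the Shuttle page or Intel's tooling."""
import glob
import os
import re

# Minimum revisions as quoted on this page, keyed by CPUID (family, model,
# stepping) in the decimal form /proc/cpuinfo prints. The mapping of these
# signatures to the platform names is an ASSUMPTION of this example:
#   family 6, model 94, stepping 3  (CPUID 0x506E3): Skylake desktop, LGA1151
#   family 6, model 158, stepping 9 (CPUID 0x906E9): Kaby Lake desktop, LGA1151
MIN_MICROCODE = {
    (6, 94, 3): 0xC2,   # Skylake LGA1151: page names 0xC2 (January 2018)
    (6, 158, 9): 0x84,  # Kaby Lake LGA1151: page names 0x84 (March 2018)
}


def parse_cpuinfo(text):
    """Split /proc/cpuinfo text into one {field: value} dict per logical CPU."""
    cpus = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def check_microcode(cpuinfo_text):
    """Return {cpu_number: (loaded_revision, required_minimum, ok)}.
    A CPU whose signature is not in MIN_MICROCODE gets minimum None and
    ok False, so an unknown part is never silently reported as fine."""
    report = {}
    for cpu in parse_cpuinfo(cpuinfo_text):
        sig = (int(cpu["cpu family"]), int(cpu["model"]), int(cpu["stepping"]))
        loaded = int(cpu["microcode"], 16)
        minimum = MIN_MICROCODE.get(sig)
        ok = minimum is not None and loaded >= minimum
        report[int(cpu["processor"])] = (loaded, minimum, ok)
    return report


def vulnerable_entries(vuln_text):
    """Parse 'name: status' lines, one per file under
    /sys/devices/system/cpu/vulnerabilities, and return the names the kernel
    still reports as 'Vulnerable' (as opposed to 'Mitigation: ...' or
    'Not affected')."""
    bad = []
    for line in vuln_text.strip().splitlines():
        name, _, status = line.partition(":")
        if status.strip().startswith("Vulnerable"):
            bad.append(name.strip())
    return bad


# Constructed sample: a two-thread Skylake desktop part still on an older
# microcode, and a kernel that has PTI but no usable Spectre v2 mitigation.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 94
model name\t: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
stepping\t: 3
microcode\t: 0xba

processor\t: 1
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 94
model name\t: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
stepping\t: 3
microcode\t: 0xba
"""
SAMPLE_VULNS = """\
meltdown: Mitigation: PTI
spectre_v1: Mitigation: __user pointer sanitization
spectre_v2: Vulnerable
"""


def live_check():
    """Run the same checks against the running kernel (Linux only)."""
    with open("/proc/cpuinfo") as f:
        report = check_microcode(f.read())
    lines = []
    for path in sorted(glob.glob("/sys/devices/system/cpu/vulnerabilities/*")):
        with open(path) as f:
            lines.append("%s: %s" % (os.path.basename(path), f.read().strip()))
    return report, vulnerable_entries("\n".join(lines))


if __name__ == "__main__":
    for cpu, (loaded, minimum, ok) in check_microcode(SAMPLE_CPUINFO).items():
        print("sample cpu%d: microcode %#x, required %s -> %s"
              % (cpu, loaded, hex(minimum) if minimum else "unknown",
                 "ok" if ok else "UPDATE NEEDED"))
    print("sample still vulnerable:", vulnerable_entries(SAMPLE_VULNS))
```

On Windows the equivalent check is Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings), which reports both whether the hardware support from the microcode is present and whether the operating system is using it.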

BIOS updates against Intel ME and TXE security vulnerabilities

Shuttle is aware of the Intel ME/TXE elevation-of-privilege vulnerabilities and has since released BIOS updates that fix them.

We have implemented BIOS updates aligned with Intel's response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities, so that customers' products are protected against the issues covered by that advisory. Customers who have purchased Shuttle products for Intel platforms should visit the Official Support Page to download the latest BIOS versions as well as the ME and TXE drivers. The current update covers the following models:

XPC cube: SH110R4, SH170R6, SH170R6 Plus, SZ170R6 V2, SZ170R8, SZ170R8 V2, SZ270R8, SZ270R9
XPC slim: DH110, DH110SE, DH170, DQ170, DH270, XH110, XH110G, XH170, XH270, XC60J, DX30, DS67U Series, DS68U, DS77U Series
XPC nano: NC02U Series, NC03U Series
XPC all-in-one: X50V5, X50V6

For more information on the Intel ME and TXE security vulnerabilities, please visit the Intel Security Center advisory INTEL-SA-00086: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr . Intel also publishes an INTEL-SA-00086 Detection Tool on that page, which reports the installed ME/TXE firmware version and whether it is still affected; running it after flashing the BIOS confirms that the ME firmware carried in the BIOS image was actually applied.

The security and privacy of customers' information are a high priority at Shuttle. Any issue that affects the user's experience with our products will be addressed with the utmost concern.

Which Shuttle products support TPM v2.0?

Trusted Platform Module (TPM) technology provides hardware-based, security-related functions. A TPM is a security crypto-processor designed to carry out cryptographic operations; its most common uses are system integrity measurements and the creation and use of keys. TPMs are passive: they receive commands and return responses. The TPM specification has moved from version 1.2 to 2.0. TPM 2.0 has important security advantages over TPM 1.2 (for instance support for SHA-256 and other algorithms instead of SHA-1 only), but is not backward compatible, so software written for TPM 1.2 cannot drive a TPM 2.0 device. Traditionally, TPMs have been discrete chips soldered onto the mainboard (e.g. on the DQ170). More recent platforms instead implement the TPM in firmware (fTPM), running the TPM code in a trusted execution environment of a general-purpose processing unit rather than on a separate chip. On the Intel platforms listed below this is Intel Platform Trust Technology (PTT), which runs inside the Management Engine or Trusted Execution Engine firmware; that is also why the ME/TXE firmware updates described above matter for systems that rely on the fTPM.

The following table shows which Shuttle XPC models include the fTPM 2.0 function and from which BIOS version onwards.

Category              | Shuttle XPC model       | Intel codename                          | Firmware TPM 2.0 support (fTPM)
----------------------+-------------------------+-----------------------------------------+----------------------------------------------
1L XPC slim (Celeron) | DX30                    | Apollo Lake                             | Initial BIOS DX30D000.101 (2016-11-07)
1L XPC slim (Celeron) | XS35xx / XS36xx Series  | V5: Braswell; V4: Bay Trail; V3: Cedarview | No support
XPC nano              | NC01U Series            | Broadwell-U                             | No support
XPC nano              | NC02U Series            | Skylake-U                               | Since BIOS version NC02U000.103 (2016-08-05)
1L XPC slim (ULV)     | DS57U Series            | Broadwell-U                             | No support
1L XPC slim (ULV)     | DS67U Series            | Skylake-U                               | Since BIOS version DS67UE00.103 (2016-07-29)
1L XPC slim (ULV)     | DS68U Series            | Skylake-U                               | Since BIOS version DS68UE00.102 (2016-11-14)
1L XPC slim (LGA)     | DS81                    | Haswell LGA1150                         | No support
1L XPC slim (LGA)     | DS87                    | Haswell LGA1150                         | No support
1L XPC slim (LGA)     | DH110                   | Skylake LGA1151                         | Since BIOS version DH110000.104 (2016-08-05)
1L XPC slim (LGA)     | DH110SE                 | Skylake LGA1151                         | Initial BIOS DH110100.100 (2016-07-18)
1L XPC slim (LGA)     | DH170                   | Skylake LGA1151                         | Since BIOS version DH170000.208 (2017-09-01)
1L XPC slim (LGA)     | DQ170                   | Skylake LGA1151                         | Equipped with a discrete TPM 2.0 module
3L XPC slim (LGA)     | XH81, XH81V             | Haswell LGA1150                         | No support
3L XPC slim (LGA)     | XH97V                   | Haswell LGA1150                         | No support
3L XPC slim (LGA)     | XH110, XH110V           | Skylake LGA1151                         | Since BIOS version XH110V00.104 (2016-08-16)
3L XPC slim (LGA)     | XH170V                  | Skylake LGA1151                         | Since BIOS version XH170V00.115 (2016-09-14)
XPC cube              | SH81R4                  | Haswell LGA1150                         | No support
XPC cube              | SH97R6                  | Haswell LGA1150                         | No support
XPC cube              | SH110R4                 | Skylake LGA1151                         | Since BIOS version SH110000.102 (2016-09-01)
XPC cube              | SH170R6                 | Skylake LGA1151                         | Since BIOS version SH170000.207 (2017-08-15)
XPC cube              | SZ170R8                 | Skylake LGA1151                         | Since BIOS version SH170000.207 (2017-09-01)
XPC cube              | SZ170R8V2               | Skylake LGA1151                         | Since BIOS version SH170000.207 (2017-09-01)
15.6" XPC all-in-one  | X50V4 Series            | Haswell-U                               | No support
15.6" XPC all-in-one  | X50V5 Series            | Skylake-U                               | Since BIOS version X50V5000.104 (2016-11-14)

:!: Info: Devices with a 3xx-series chipset (DH310, XH310, …) or newer (4xx, 5xx series) have fTPM 2.0 integrated by default.
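For one of the boards in the table above, the quickest way to confirm what the operating system actually sees is to ask the TPM itself. Because TPMs are passive, the check is just one command and one response. The following added example (not Shuttle's code) builds a raw TPM2_GetCapability command from the constants in the TCG TPM 2.0 Library specification, decodes the answer to read the family indicator and manufacturer, and shows why TPM 1.2 and 2.0 cannot be driven the same way: a 1.2 chip does not know the 2.0 command tag and answers with TPM_BADTAG. The two response byte strings are constructed samples; query_device() is the only part that talks to hardware and assumes the Linux raw device /dev/tpm0.

```python
"""Query a TPM for its family and manufacturer with a raw TPM2_GetCapability.
Added example, not part of the Shuttle page. Constants are from the TCG
TPM 2.0 Library specification, Part 2 (Structures)."""
import struct

TPM_ST_NO_SESSIONS = 0x8001          # 2.0 command/response tag, no auth sessions
TPM_CC_GET_CAPABILITY = 0x0000017A   # command code TPM2_GetCapability
TPM_CAP_TPM_PROPERTIES = 0x00000006  # capability: TPM_PT_* properties
TPM_PT_FAMILY_INDICATOR = 0x00000100  # 4 ASCII bytes, "2.0" for a TPM 2.0
TPM_PT_MANUFACTURER = 0x00000105      # 4 ASCII bytes vendor ID, "INTC" = Intel
TPM_RC_SUCCESS = 0x00000000
TPM12_TAG_RSP_COMMAND = 0x00C4        # TPM 1.2 response tag
TPM12_BADTAG = 0x0000001E             # TPM 1.2 return code TPM_BADTAG (30)


def build_get_capability(first_property, count):
    """Encode TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES, first_property, count).
    Layout: tag(2) commandSize(4) commandCode(4) capability(4) property(4) count(4)."""
    body = struct.pack(">IIII", TPM_CC_GET_CAPABILITY, TPM_CAP_TPM_PROPERTIES,
                       first_property, count)
    # commandSize counts the whole command including the 6-byte tag+size header
    return struct.pack(">HI", TPM_ST_NO_SESSIONS, 6 + len(body)) + body


def _as_text(value):
    """TPM_PT string properties are 4 big-endian ASCII bytes, NUL padded."""
    return struct.pack(">I", value).rstrip(b"\0").decode("ascii", "replace")


def decode_response(resp):
    """Decode the response header and, on success, the TPML_TAGGED_TPM_PROPERTY
    list. A non-zero response code is returned rather than raised, because
    that code is exactly what distinguishes a TPM 1.2 chip (TPM_BADTAG)."""
    tag, size, rc = struct.unpack_from(">HII", resp, 0)
    if size != len(resp):
        raise ValueError("response size field %d != %d bytes read" % (size, len(resp)))
    if rc != TPM_RC_SUCCESS:
        return {"ok": False, "tag": tag, "rc": rc}
    more_data, capability, count = struct.unpack_from(">BII", resp, 10)
    if capability != TPM_CAP_TPM_PROPERTIES:
        raise ValueError("unexpected capability %#x" % capability)
    props = {}
    offset = 19                      # 10-byte header + moreData(1) + cap(4) + count(4)
    for _ in range(count):
        prop, value = struct.unpack_from(">II", resp, offset)
        props[prop] = value
        offset += 8
    return {"ok": True, "tag": tag, "more": bool(more_data),
            "family": _as_text(props.get(TPM_PT_FAMILY_INDICATOR, 0)),
            "manufacturer": _as_text(props.get(TPM_PT_MANUFACTURER, 0))}


def query_device(path="/dev/tpm0"):
    """Send the command to the Linux raw TPM character device. Needs root and
    the device must not be held by a resource manager such as tpm2-abrmd.
    Properties 0x100..0x105 cover family, level, revision, date and manufacturer."""
    cmd = build_get_capability(TPM_PT_FAMILY_INDICATOR, 6)
    with open(path, "r+b", buffering=0) as dev:
        dev.write(cmd)
        return decode_response(dev.read(4096))


# Constructed response as an Intel firmware TPM (PTT) would answer a query
# for the family indicator and manufacturer properties.
SAMPLE_TPM20_RESPONSE = (
    struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + 9 + 2 * 8, TPM_RC_SUCCESS)
    + struct.pack(">BII", 0, TPM_CAP_TPM_PROPERTIES, 2)
    + struct.pack(">II", TPM_PT_FAMILY_INDICATOR, 0x322E3000)  # "2.0\0"
    + struct.pack(">II", TPM_PT_MANUFACTURER, 0x494E5443)      # "INTC"
)
# Constructed response from a TPM 1.2 chip given the same bytes: it uses the
# 1.2 response tag and rejects the unknown 0x8001 tag with TPM_BADTAG.
SAMPLE_TPM12_RESPONSE = struct.pack(">HII", TPM12_TAG_RSP_COMMAND, 10, TPM12_BADTAG)


if __name__ == "__main__":
    print("command:", build_get_capability(TPM_PT_FAMILY_INDICATOR, 2).hex())
    print("fTPM 2.0 sample:", decode_response(SAMPLE_TPM20_RESPONSE))
    print("TPM 1.2 sample: ", decode_response(SAMPLE_TPM12_RESPONSE))
```

With tpm2-tools installed, `tpm2_getcap properties-fixed` reads the same properties through the kernel driver; a manufacturer value of INTC on the boards above indicates the Intel firmware TPM rather than a discrete module such as the one on the DQ170. If the device answers with a 1.2 tag and TPM_BADTAG, the BIOS is exposing a TPM 1.2 and the fTPM 2.0 option is either missing in that BIOS version or not enabled.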

Source: Wikipedia: Trusted Platform Module, Microsoft: TPM Recommendations