Security-related FAQ
Information on "Meltdown" and "Spectre"
With reference to recent press coverage, weaknesses in the hardware architecture of processors have been discovered. These vulnaribilities may potentially be exploited with malware and thus may be used for unwanted access to and even theft of business or private data. Those vulnaribilities are known as “Meltdown” and “Spectre”.
However, no cases have been reported so far that indicate the use of these vulnerabilities. In order to keep the risk to a minimum, it is important to have all recent updates for your operating system installed.
At this time we are investigating on this case as to what extend Shuttle products may be affected by vulnerabilities that cannot be patched by software updates alone. Should there be any BIOS updates required, we will provide them as soon as possible and keep you informed on availability.
- Update 2018-01-11
First BIOS updates are available for download
Updated BIOS/EFI files have been provided for the DH110SE and DH110 models, which contain modified microcode to fix one of the vulnerabilities in the affected processors: https://global.shuttle.com/support/download - Update 2018-01-12
Further models receive BIOS updates
As of today, corresponding updates are also available for the models NC03U, NC03U3, NC03U5, NC03U7, XH110, XH110V and DH170: https://global.shuttle.com/support/download - Update 2018-01-18
Download section expanded to include further updated BIOS versions
The BIOS of the X50V5, DH270, XH110G and SH110R4 models is now also available in an error-correcting version: https://global.shuttle.com/support/download - Update 2018-01-19
Provision of new BIOS versions to correct the security loophole
In the download section of the Shuttle headquarters you will now also find a new BIOS for the XC60J, SZ170R8, SZ170R8V2, DX30, DS68U, NC02U, NC02U3, NC02U5, NC02U7, SZ270R8 and SZ270R9 models: https://global.shuttle.com/support/download - Update 2018-01-23
Further models receive BIOS updates
DS77U, DS77U3, DS77U5, DS77U7, DQ170, SH170R6 and SH170R6 Plus https://global.shuttle.com/support/download - Update 2018-01-29
Further models receive BIOS updates
X50V6 https://global.shuttle.com/support/download
Spectre/Meltdown: Second BIOS update available
Update 2018-03-27: Many Shuttle products with/for Kaby Lake processors are currently receiving another update to close the “Spectre” security loophole. Updated BIOS versions for devices based on this platform are available to download in the download section of Shuttle Headquarters.
The new versions contain updated Microcode updates (00×84), relating to the Kaby Lake platform, which Intel has provided to its hardware partners.
The update (00xC2) for our Skylake-based Mini-PCs provided back in January is still current and the devices are thus secured (see list below).
However, with all updates that are offered it should be noted again that they only guarantee the best possible protection in conjunction with an up-to-date operating system which for its part is provided with the latest daily updates and patches.
- New BIOS updates have been published for the following models (in alphabetical order):
DH110, DH110SE, DH170, DH270, DQ170, DS77U, DS77U3, DS77U5, DS77U7, NC03U, NC03U3, NC03U5, NC03U7, SH110R4, SH170R6, SZ170R8, SZ170R8V2, SZ270R8, SZ270R9, X50V6, XH110, XH110G, XH110V, XH170V, XH270
You can access the downloads here: https://global.shuttle.com/support/download
- Skylake-based products which have already received an update (in alphabetical order):
DS67U, DS67U3, DS67U5, DS67U7, DS68U, NC02U, NC02U3, NC02U5, NC02U7, X50V5, X50V5U3
BIOS updates against Intel ME and TXE security vulnerabilities
Shuttle is aware of the Intel ME/TXE Elevation of privileges vulnerabilities and have released BIOS updates to fix the security vulnerability since.
We have implemented BIOS updates aligned with Intel’s response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities, so customers can be reassured their products are fully protected. For customers who have purchased Shuttle’s products for Intel platforms, please visit the Official Support Page to download the latest BIOS versions as well as ME and TXE drivers. The current update is outlined below:
XPC cube | SH110R4, SH170R6, SH170R6 Plus, SZ170R6 V2, SZ170R8, SZ170R8 V2, SZ270R8, SZ270R9 |
---|---|
XPC slim | DH110, DH110SE, DH170, DQ170, DH270, XH110, XH110G, XH170, XH270, XC60J, DX30, DS67U Series, DS68U, DS77U Series |
XPC nano | NC02U Series, NC03U Series |
XPC all-in-one | X50V5, X50V6 |
For more information on the Intel ME and TXE security vulnerabilities, please visit the Intel Security Center website for more details: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
The security and privacy of customers’ information are considered high priority at Shuttle. Any issues that affect the user’s experience with our products will be addressed with the utmost concern.
Which Shuttle products support TPM v2.0?
Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. It has a security-related crypto-processor that is designed to carry out cryptographic operations. The most common TPM functions are used for system integrity measurements and for key creation and use. TPMs are passive: they receive commands and return responses. Lately, the TPM version moves from version 1.2 to 2.0. TPM 2.0 has have important security advantages over TPM 1.2, but is not downward compatible. Traditionally, TPMs have been discrete chips soldered to a computer’s mainboard (e.g. DQ170). Recently, the OEM manufacturers use another implementation: the Firmware TPM solution (fTPM), running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit.
The following list shows which Shuttle XPC models include the fTPM v2.0 function.
Category | Shuttle XPC Model | Intel Codename | Firmware TPM 2.0 support (fTPM) |
---|---|---|---|
1L XPC slim (Celeron) | DX30 | Apollo Lake | Initial BIOS DX30D000.101 (2016-11-07) |
XS35xx Series XS36xx Series | V5: Braswell V4: Bay Trail V3: Cedarview | No support | |
XPC nano | NC01U Series | Broadwell-U | No support |
NC02U Series | Skylake-U | Since BIOS version NC02U000.103 (2016-08-05) | |
1L XPC slim (ULV) | DS57U Series | Broadwell-U | No support |
DS67U Series | Skylake-U | Since BIOS version DS67UE00.103 (2016-07-29) | |
DS68U Series | Skylake-U | Since BIOS version DS68UE00.102 (2016-11-14) | |
1L XPC slim (LGA) | DS81 | Haswell LGA1150 | No support |
DS87 | Haswell LGA1150 | No support | |
DH110 | Skylake LGA1151 | Since BIOS version DH110000.104 (2016-08-05) | |
DH110SE | Skylake LGA1151 | Initial BIOS DH110100.100 (2016-07-18) | |
DH170 | Skylake LGA1151 | Since BIOS version DH170000.208 (2017-09-01) | |
DQ170 | Skylake LGA1151 | Equipped with a discrete TPM 2.0 module | |
3L XPC slim (LGA) | XH81 XH81V | Haswell LGA1150 | No support |
XH97V | Haswell LGA1150 | No support | |
XH110 XH110V | Skylake LGA1151 | Since BIOS version XH110V00.104 (2016-08-16) | |
XH170V | Skylake LGA1151 | Since BIOS version XH170V00.115 (2016-09-14) | |
XPC cube | SH81R4 | Haswell LGA1150 | No support |
SH97R6 | Haswell LGA1150 | No support | |
SH110R4 | Skylake LGA1151 | Since BIOS version SH110000.102 (2016-09-01) | |
SH170R6 | Skylake LGA1151 | Since BIOS version SH170000.207 (2017-08-15) | |
SZ170R8 | Skylake LGA1151 | Since BIOS version SH170000.207 (2017-09-01) | |
SZ170R8V2 | Skylake LGA1151 | Since BIOS version SH170000.207 (2017-09-01) | |
15.6“ XPC all-in-one | X50V4 Series | Haswell-U | No support |
X50V5 Series | Skylake-U | Since BIOS version X50V5000.104 (2016-11-14) |
Info: Devices with 3xx chipset (DH310, XH310, …) or higher (4xx, 5xx chipset) have fTPM 2.0 integrated by default.
Source: Wikipedia: Trusted Platform Module, Microsoft: TPM Recommendations