Security-related FAQ

With reference to recent press coverage, weaknesses in the hardware architecture of processors have been discovered. These vulnaribilities may potentially be exploited with malware and thus may be used for unwanted access to and even theft of business or private data. Those vulnaribilities are known as “Meltdown” and “Spectre”.

However, no cases have been reported so far that indicate the use of these vulnerabilities. In order to keep the risk to a minimum, it is important to have all recent updates for your operating system installed.

At this time we are investigating on this case as to what extend Shuttle products may be affected by vulnerabilities that cannot be patched by software updates alone. Should there be any BIOS updates required, we will provide them as soon as possible and keep you informed on availability.

  • Update 2018-01-11
    First BIOS updates are available for download
    Updated BIOS/EFI files have been provided for the DH110SE and DH110 models, which contain modified microcode to fix one of the vulnerabilities in the affected processors: https://global.shuttle.com/support/download
  • Update 2018-01-12
    Further models receive BIOS updates
    As of today, corresponding updates are also available for the models NC03U, NC03U3, NC03U5, NC03U7, XH110, XH110V and DH170: https://global.shuttle.com/support/download
  • Update 2018-01-18
    Download section expanded to include further updated BIOS versions
    The BIOS of the X50V5, DH270, XH110G and SH110R4 models is now also available in an error-correcting version: https://global.shuttle.com/support/download
  • Update 2018-01-19
    Provision of new BIOS versions to correct the security loophole
    In the download section of the Shuttle headquarters you will now also find a new BIOS for the XC60J, SZ170R8, SZ170R8V2, DX30, DS68U, NC02U, NC02U3, NC02U5, NC02U7, SZ270R8 and SZ270R9 models: https://global.shuttle.com/support/download
  • Update 2018-01-23
    Further models receive BIOS updates
    DS77U, DS77U3, DS77U5, DS77U7, DQ170, SH170R6 and SH170R6 Plus https://global.shuttle.com/support/download
  • Update 2018-01-29
    Further models receive BIOS updates
    X50V6 https://global.shuttle.com/support/download

Update 2018-03-27: Many Shuttle products with/for Kaby Lake processors are currently receiving another update to close the “Spectre” security loophole. Updated BIOS versions for devices based on this platform are available to download in the download section of Shuttle Headquarters.

The new versions contain updated Microcode updates (00×84), relating to the Kaby Lake platform, which Intel has provided to its hardware partners.

The update (00xC2) for our Skylake-based Mini-PCs provided back in January is still current and the devices are thus secured (see list below).

However, with all updates that are offered it should be noted again that they only guarantee the best possible protection in conjunction with an up-to-date operating system which for its part is provided with the latest daily updates and patches. :!:

  • New BIOS updates have been published for the following models (in alphabetical order):
    DH110, DH110SE, DH170, DH270, DQ170, DS77U, DS77U3, DS77U5, DS77U7, NC03U, NC03U3, NC03U5, NC03U7, SH110R4, SH170R6, SZ170R8, SZ170R8V2, SZ270R8, SZ270R9, X50V6, XH110, XH110G, XH110V, XH170V, XH270

You can access the downloads here: https://global.shuttle.com/support/download

  • Skylake-based products which have already received an update (in alphabetical order):
    DS67U, DS67U3, DS67U5, DS67U7, DS68U, NC02U, NC02U3, NC02U5, NC02U7, X50V5, X50V5U3

Shuttle is aware of the Intel ME/TXE Elevation of privileges vulnerabilities and have released BIOS updates to fix the security vulnerability since.

We have implemented BIOS updates aligned with Intel’s response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities, so customers can be reassured their products are fully protected. For customers who have purchased Shuttle’s products for Intel platforms, please visit the Official Support Page to download the latest BIOS versions as well as ME and TXE drivers. The current update is outlined below:

XPC cubeSH110R4, SH170R6, SH170R6 Plus, SZ170R6 V2, SZ170R8, SZ170R8 V2, SZ270R8, SZ270R9
XPC slimDH110, DH110SE, DH170, DQ170, DH270, XH110, XH110G, XH170, XH270, XC60J, DX30, DS67U Series, DS68U, DS77U Series
XPC nanoNC02U Series, NC03U Series
XPC all-in-oneX50V5, X50V6

For more information on the Intel ME and TXE security vulnerabilities, please visit the Intel Security Center website for more details: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

The security and privacy of customers’ information are considered high priority at Shuttle. Any issues that affect the user’s experience with our products will be addressed with the utmost concern.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. It has a security-related crypto-processor that is designed to carry out cryptographic operations. The most common TPM functions are used for system integrity measurements and for key creation and use. TPMs are passive: they receive commands and return responses. Lately, the TPM version moves from version 1.2 to 2.0. TPM 2.0 has have important security advantages over TPM 1.2, but is not downward compatible. Traditionally, TPMs have been discrete chips soldered to a computer’s mainboard (e.g. DQ170). Recently, the OEM manufacturers use another implementation: the Firmware TPM solution (fTPM), running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit.

The following list shows which Shuttle XPC models include the fTPM v2.0 function.

CategoryShuttle XPC ModelIntel CodenameFirmware TPM 2.0 support (fTPM)
1L XPC slim (Celeron)DX30Apollo LakeInitial BIOS DX30D000.101 (2016-11-07)
XS35xx Series
XS36xx Series
V5: Braswell
V4: Bay Trail
V3: Cedarview
No support
XPC nanoNC01U SeriesBroadwell-UNo support
NC02U SeriesSkylake-USince BIOS version NC02U000.103 (2016-08-05)
1L XPC slim (ULV)DS57U SeriesBroadwell-UNo support
DS67U SeriesSkylake-USince BIOS version DS67UE00.103 (2016-07-29)
DS68U SeriesSkylake-USince BIOS version DS68UE00.102 (2016-11-14)
1L XPC slim (LGA)DS81Haswell LGA1150No support
DS87Haswell LGA1150No support
DH110Skylake LGA1151Since BIOS version DH110000.104 (2016-08-05)
DH110SESkylake LGA1151Initial BIOS DH110100.100 (2016-07-18)
DH170Skylake LGA1151Since BIOS version DH170000.208 (2017-09-01)
DQ170Skylake LGA1151Equipped with a discrete TPM 2.0 module
3L XPC slim (LGA)XH81
XH81V
Haswell LGA1150No support
XH97VHaswell LGA1150No support
XH110
XH110V
Skylake LGA1151Since BIOS version XH110V00.104 (2016-08-16)
XH170VSkylake LGA1151Since BIOS version XH170V00.115 (2016-09-14)
XPC cubeSH81R4Haswell LGA1150No support
SH97R6Haswell LGA1150No support
SH110R4Skylake LGA1151Since BIOS version SH110000.102 (2016-09-01)
SH170R6Skylake LGA1151Since BIOS version SH170000.207 (2017-08-15)
SZ170R8Skylake LGA1151Since BIOS version SH170000.207 (2017-09-01)
SZ170R8V2Skylake LGA1151Since BIOS version SH170000.207 (2017-09-01)
15.6“ XPC all-in-oneX50V4 SeriesHaswell-UNo support
X50V5 SeriesSkylake-USince BIOS version X50V5000.104 (2016-11-14)

:!: Info: Devices with 3xx chipset (DH310, XH310, …) or higher (4xx, 5xx chipset) have fTPM 2.0 integrated by default.

Source: Wikipedia: Trusted Platform Module, Microsoft: TPM Recommendations

  • Last modified: 2021/11/11 08:52
  • by Shuttle