This shows you the differences between two versions of the page.

faq:software:security [2017/12/08 15:58]
christian [BIOS updates against Intel ME and TXE security vulnerabilities]
faq:software:security [2021/07/09 12:02] (current)
TS [Which Shuttle products support TPM v2.0?]
Line 1: Line 1:
-====== Security-related FAQs ======+====== Security-related FAQ ====== 
 +===== Information on "Meltdown" and "Spectre" ===== 
 +With reference to recent press coverage, weaknesses in the hardware architecture of processors have been discovered. These vulnaribilities may potentially be exploited with malware and thus may be used for unwanted access to and even theft of business or private data. Those vulnaribilities are known as "Meltdown" and "Spectre"
 +However, no cases have been reported so far that indicate the use of these vulnerabilities. In order to keep the risk to a minimum, it is important to have all recent updates for your operating system installed. 
 +At this time we are investigating on this case as to what extend Shuttle products may be affected by vulnerabilities that cannot be patched by software updates alone. Should there be any BIOS updates required, we will provide them as soon as possible and keep you informed on availability. 
 +  * //Update 2018-01-11//\\ **First BIOS updates are available for download**\\ Updated BIOS/EFI files have been provided for the DH110SE and DH110 models, which contain modified microcode to fix one of the vulnerabilities in the affected processors: http://global.shuttle.com/support/download 
 +  * //Update 2018-01-12//\\ **Further models receive BIOS updates**\\ As of today, corresponding updates are also available for the models NC03U, NC03U3, NC03U5, NC03U7, XH110, XH110V and DH170: http://global.shuttle.com/support/download 
 +  * //Update 2018-01-18//\\ **Download section expanded to include further updated BIOS versions**\\ The BIOS of the X50V5, DH270, XH110G and SH110R4 models is now also available in an error-correcting version: http://global.shuttle.com/support/download 
 +  * //Update 2018-01-19//\\ **Provision of new BIOS versions to correct the security loophole**\\ In the download section of the Shuttle headquarters you will now also find a new BIOS for the XC60J, SZ170R8, SZ170R8V2, DX30, DS68U, NC02U, NC02U3, NC02U5, NC02U7, SZ270R8 and SZ270R9 models: http://global.shuttle.com/support/download 
 +  * //Update 2018-01-23//\\ **Further models receive BIOS updates**\\ DS77U, DS77U3, DS77U5, DS77U7, DQ170, SH170R6 and SH170R6 Plus http://global.shuttle.com/support/download 
 +  * //Update 2018-01-29//\\ **Further models receive BIOS updates**\\ X50V6 http://global.shuttle.com/support/download 
 +==== Spectre/Meltdown: Second BIOS update available ==== 
 +//Update 2018-03-27//: Many Shuttle products with/for **Kaby Lake** processors are currently receiving another update to close the "Spectre" security loophole. Updated BIOS versions for devices based on this platform are available to download in the download section of Shuttle Headquarters. 
 +The new versions contain updated Microcode updates (00x84), relating to the Kaby Lake platform, which Intel has provided to its hardware partners. 
 +The update (00xC2) for our Skylake-based Mini-PCs provided back in January is still current and the devices are thus secured (see list below). 
 +However, with all updates that are offered it should be noted again that they only guarantee the best possible protection in conjunction with an up-to-date operating system which for its part is provided with the latest daily updates and patches. :!: 
 +  * **New BIOS updates** have been published for the following models (in alphabetical order):\\ DH110, DH110SE, DH170, DH270, DQ170, DS77U, DS77U3, DS77U5, DS77U7, NC03U, NC03U3, NC03U5, NC03U7, SH110R4, SH170R6, SZ170R8, SZ170R8V2, SZ270R8, SZ270R9, X50V6, XH110, XH110G, XH110V, XH170V, XH270 
 +You can access the downloads here: http://global.shuttle.com/support/download 
 +  * Skylake-based products which have already received an update (in alphabetical order):\\ DS67U, DS67U3, DS67U5, DS67U7, DS68U, NC02U, NC02U3, NC02U5, NC02U7, X50V5, X50V5U3
 ===== BIOS updates against Intel ME and TXE security vulnerabilities ===== ===== BIOS updates against Intel ME and TXE security vulnerabilities =====
 Shuttle is aware of the Intel ME/TXE Elevation of privileges vulnerabilities and have released BIOS updates to fix the security vulnerability since. Shuttle is aware of the Intel ME/TXE Elevation of privileges vulnerabilities and have released BIOS updates to fix the security vulnerability since.
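Review bot: The microcode revisions in the "Second BIOS update available" section are written as "00x84" and "00xC2", which is not a valid hexadecimal notation. If these are meant to be revisions 0x84 (Kaby Lake) and 0xC2 (Skylake), write them that way so readers can compare them against the revision their system reports after flashing. In the opening paragraph, "vulnaribilities" appears twice and "to what extend" should read "to what extent". The 2018-01-23 and 2018-01-29 entries list models with no sentence and no colon before the link, unlike the earlier entries. Every download link in this hunk uses plain http; since these point at firmware images, an https link is preferable if the download site offers one.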
Line 18: Line 46:
 **The following list shows which Shuttle XPC models include the fTPM v2.0 function.** **The following list shows which Shuttle XPC models include the fTPM v2.0 function.**
 ^Category^Shuttle XPC Model^Intel Codename^Firmware TPM 2.0 support (fTPM)^ ^Category^Shuttle XPC Model^Intel Codename^Firmware TPM 2.0 support (fTPM)^
 ^1L XPC slim (Celeron)^DX30|Apollo Lake|Initial BIOS DX30D000.101 (2016-11-07)| ^1L XPC slim (Celeron)^DX30|Apollo Lake|Initial BIOS DX30D000.101 (2016-11-07)|
Line 31: Line 58:
 ^:::^DH110|Skylake LGA1151|Since BIOS version DH110000.104 (2016-08-05)| ^:::^DH110|Skylake LGA1151|Since BIOS version DH110000.104 (2016-08-05)|
 ^:::^DH110SE|Skylake LGA1151|Initial BIOS DH110100.100 (2016-07-18)| ^:::^DH110SE|Skylake LGA1151|Initial BIOS DH110100.100 (2016-07-18)|
-^:::^DH170|Skylake LGA1151|Will support soon (Q1'17)|+^:::^DH170|Skylake LGA1151|Since BIOS version DH170000.208 (2017-09-01)|
 ^:::^DQ170|Skylake LGA1151|Equipped with a discrete TPM 2.0 module| ^:::^DQ170|Skylake LGA1151|Equipped with a discrete TPM 2.0 module|
 ^3L XPC slim (LGA)^XH81\\ XH81V|Haswell LGA1150|No support| ^3L XPC slim (LGA)^XH81\\ XH81V|Haswell LGA1150|No support|
Line 40: Line 67:
 ^:::^SH97R6|Haswell LGA1150|No support| ^:::^SH97R6|Haswell LGA1150|No support|
 ^:::^SH110R4|Skylake LGA1151|Since BIOS version SH110000.102 (2016-09-01)| ^:::^SH110R4|Skylake LGA1151|Since BIOS version SH110000.102 (2016-09-01)|
-^:::^SH170R6|Skylake LGA1151|Will support soon (Q1'17)| +^:::^SH170R6|Skylake LGA1151|Since BIOS version SH170000.207 (2017-08-15)| 
-^:::^SZ170R8|Skylake LGA1151|Will support soon (Q1'17)| +^:::^SZ170R8|Skylake LGA1151|Since BIOS version SH170000.207 (2017-09-01)| 
-^:::^SZ170R8V2|Skylake LGA1151|Initial BIOS SZ170200.100 (2016-07-04)|+^:::^SZ170R8V2|Skylake LGA1151|Since BIOS version SH170000.207 (2017-09-01)|
 ^15.6" XPC all-in-one^X50V4 Series|Haswell-U|No support| ^15.6" XPC all-in-one^X50V4 Series|Haswell-U|No support|
 ^:::^X50V5 Series|Skylake-U|Since BIOS version X50V5000.104 (2016-11-14)| ^:::^X50V5 Series|Skylake-U|Since BIOS version X50V5000.104 (2016-11-14)|
 +:!: **Info**: Devices with **3xx chipset** (DH310, XH310, …) or higher (**4xx, 5xx chipset**)  have fTPM 2.0 integrated by default.
 **Source**: Wikipedia: [[wp>Trusted Platform Module]], Microsoft: [[https://technet.microsoft.com/en-us/itpro/windows/keep-secure/tpm-recommendations|TPM Recommendations]] **Source**: Wikipedia: [[wp>Trusted Platform Module]], Microsoft: [[https://technet.microsoft.com/en-us/itpro/windows/keep-secure/tpm-recommendations|TPM Recommendations]]
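Review bot: The new SZ170R8 and SZ170R8V2 rows cite "SH170000.207", the same version string as the SH170R6 row but with a different date (2017-09-01 versus 2017-08-15), which looks like a copy from the SH170R6 row with only the date changed. Please confirm the BIOS identifiers that actually belong to the SZ170R8 models. The SZ170R8V2 row previously read "Initial BIOS SZ170200.100 (2016-07-04)", so this change also moves its stated fTPM support from the initial BIOS to a release more than a year later; if that was not intended, restore the earlier value.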
  • Last modified: 2017/12/08 15:58
  • by christian