This is an old revision of the document!

Security-related FAQs

With reference to recent press coverage, weaknesses in the hardware architecture of processors have been discovered. These vulnaribilities may potentially be exploited with malware and thus may be used for unwanted access to and even theft of business or private data. Those vulnaribilities are known as “Meltdown” and “Spectre”.

However, no cases have been reported so far that indicate the use of these vulnerabilities. In order to keep the risk to a minimum, it is important to have all recent updates for your operating system installed.

At this time we are investigating on this case as to what extend Shuttle products may be affected by vulnerabilities that cannot be patched by software updates alone. Should there be any BIOS updates required, we will provide them as soon as possible and keep you informed on availability.

  • Update 2018-01-11
    First BIOS updates are available for download
    Updated BIOS/EFI files have been provided for the DH110SE and DH110 models, which contain modified microcode to fix one of the vulnerabilities in the affected processors:
  • Update 2018-01-12
    Further models receive BIOS updates
    As of today, corresponding updates are also available for the models NC03U, NC03U3, NC03U5, NC03U7, XH110, XH110V and DH170:

Shuttle is aware of the Intel ME/TXE Elevation of privileges vulnerabilities and have released BIOS updates to fix the security vulnerability since.

We have implemented BIOS updates aligned with Intel’s response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities, so customers can be reassured their products are fully protected. For customers who have purchased Shuttle’s products for Intel platforms, please visit the Official Support Page to download the latest BIOS versions as well as ME and TXE drivers. The current update is outlined below:

XPC cubeSH110R4, SH170R6, SH170R6 Plus, SZ170R6 V2, SZ170R8, SZ170R8 V2, SZ270R8, SZ270R9
XPC slimDH110, DH110SE, DH170, DQ170, DH270, XH110, XH110G, XH170, XH270, XC60J, DX30, DS67U Series, DS68U, DS77U Series
XPC nanoNC02U Series, NC03U Series
XPC all-in-oneX50V5, X50V6

For more information on the Intel ME and TXE security vulnerabilities, please visit the Intel Security Center website for more details:

The security and privacy of customers’ information are considered high priority at Shuttle. Any issues that affect the user’s experience with our products will be addressed with the utmost concern.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. It has a security-related crypto-processor that is designed to carry out cryptographic operations. The most common TPM functions are used for system integrity measurements and for key creation and use. TPMs are passive: they receive commands and return responses. Lately, the TPM version moves from version 1.2 to 2.0. TPM 2.0 has have important security advantages over TPM 1.2, but is not downward compatible. Traditionally, TPMs have been discrete chips soldered to a computer’s mainboard (e.g. DQ170). Recently, the OEM manufacturers use another implementation: the Firmware TPM solution (fTPM), running the TPM in firmware in a Trusted Execution mode of a general purpose computation unit.

The following list shows which Shuttle XPC models include the fTPM v2.0 function.

CategoryShuttle XPC ModelIntel CodenameFirmware TPM 2.0 support (fTPM)
1L XPC slim (Celeron)DX30Apollo LakeInitial BIOS DX30D000.101 (2016-11-07)
XS35xx Series
XS36xx Series
V5: Braswell
V4: Bay Trail
V3: Cedarview
No support
XPC nanoNC01U SeriesBroadwell-UNo support
NC02U SeriesSkylake-USince BIOS version NC02U000.103 (2016-08-05)
1L XPC slim (ULV)DS57U SeriesBroadwell-UNo support
DS67U SeriesSkylake-USince BIOS version DS67UE00.103 (2016-07-29)
DS68U SeriesSkylake-USince BIOS version DS68UE00.102 (2016-11-14)
1L XPC slim (LGA)DS81Haswell LGA1150No support
DS87Haswell LGA1150No support
DH110Skylake LGA1151Since BIOS version DH110000.104 (2016-08-05)
DH110SESkylake LGA1151Initial BIOS DH110100.100 (2016-07-18)
DH170Skylake LGA1151Will support soon (Q1'17)
DQ170Skylake LGA1151Equipped with a discrete TPM 2.0 module
3L XPC slim (LGA)XH81
Haswell LGA1150No support
XH97VHaswell LGA1150No support
Skylake LGA1151Since BIOS version XH110V00.104 (2016-08-16)
XH170VSkylake LGA1151Since BIOS version XH170V00.115 (2016-09-14)
XPC cubeSH81R4Haswell LGA1150No support
SH97R6Haswell LGA1150No support
SH110R4Skylake LGA1151Since BIOS version SH110000.102 (2016-09-01)
SH170R6Skylake LGA1151Will support soon (Q1'17)
SZ170R8Skylake LGA1151Will support soon (Q1'17)
SZ170R8V2Skylake LGA1151Initial BIOS SZ170200.100 (2016-07-04)
15.6“ XPC all-in-oneX50V4 SeriesHaswell-UNo support
X50V5 SeriesSkylake-USince BIOS version X50V5000.104 (2016-11-14)

Source: Wikipedia: Trusted Platform Module, Microsoft: TPM Recommendations

  • Last modified: 2018/01/12 07:35
  • by Shuttle