Windows 10: BMC Firmware Vulnerability Intel Server Boards, Compute Modules & Syst

Source: INTEL-SA-00130

:)

 

Intel Management Engine Vulnerability and Surface Devices

Source: Intel Management Engine Vulnerability and Surface Devices Surface

 

Verify Trusted Platform Module (TPM) Chip on Windows PC


Something I came across not long ago, is Firmware-based Trusted Platform Modules (fTPM). Whereas before in order to take advantage of a TPM you needed to have a physical TPM chip soldered to the motherboard, that seems to have changed at some point. You can now have either a Discrete TPM (Physical chip) or Firmware-based TPM.

As per THIS article, fTPM is acknowledged by the Trusted Computing Group (TCG) as a perfectly valid form of TPM and seems to perform much the same functions as a physical TPM. For Intel, their fTPM is called Intel Platform Trust Technology (PTT). I don't know what chips/motherboards/BIOS support PTT, however due to it being Firmware based (as the name suggests) and not requiring a separate physical chip, it means for some devices it's possible to retrospectively add a TPM to devices that didn't have one before.

Looking through the Intel NUC list, it's not just 6th gen Skylake NUC's that it's supported on, but also 5th gen Broadwell NUC's and 4th gen Haswell NUC's too. So if you have a NUC and you have the latest BIOS, then the chances are you have a TPM 2.0 module even if you didn't think you did. You just need to enable 'Intel Platform Trust Technology' in BIOS. As previously mentioned, I don't know what other manufacturers support/will support fTPM too.


The Intel Platform Trust Technology (PTT) setting in Intel VisualBIOS:





With Intel PTT on in BIOS, Device Manager and tpm.msc show a TPM 2.0 module installed.

 

Advantage of a server board?

It seems great on paper played with it myself actually on an old 771 xeon rig. Only useful for heavy computing. Not to mention if you are going true server grade board you need the CPUs for them which btw are $$$$$$$$ because server boards are ALOT more picky about CPUs and you cannot mix and match. you need a matching pair of specific chips; specifically ones with multiple QPI links (intel) and those xeons are not cheap.

Here is the standard list of xeon chips that support dual socket boards. Also note. consumer CPUs will not work in dual socket boards unless you run something like EVGA bipostar etc customs like the old scull trail. Also note these boards only take the xeon family. no 4770k for you. also the prices are listed. remember x2

Intel® Xeon® Processor E5 v2 Family Product Specifications