PTT on Stk2m3W64cc

DMa6 · ‎08-13-2017

Hi,

I have a Stk2m3W64cc and would like to turn on bitlocker on system drive.

I believe Intel has implemented PTT on this device ( per the link https://www.intel.in/content/www/in/en/support/boards-and-kits/intel-nuc-boards/000007452.html Trusted Platform Module Information) so fTPM should work but I couldn't find any BIOS setting related to PTT in latest BIOS version 0051.

I understand there is a way to turn on bitlocker without TPM but I would prefer to use TPM 2.0 whereever it is possible.

Please help.

Regards

David

n_scott_pearson · ‎08-14-2017

I would hope that PTT has been enabled automatically.

Here are instructions (provided previously) for how to turn on BitLocker on the Operating System drive:

Open the Control Panel System and Security, click BitLocker Drive Encryption and then click Turn on BitLocker.
Choose how you want to unlock your drive and follow the instructions in the next screen to set it up.
BitLocker will provide you with a recovery key. This key can be used to access your encrypted files if you ever lose your main key.
BitLocker will automatically encrypt new files as you add them, but you will need to choose what happens with the files currently on the drive. You can encrypt the entire drive (including the free space) or just encrypt the used disk files to speed up the process.

Hope this helps,

...S

DMa6 · ‎08-14-2017

PTT is not enabled automatically on this compute stick. I have run tpm.msc and shows no sign of TPM enabled.

This is why it makes me wonder if there is some switch there to flip it on.

I know all the parts on turning on Bitlocker but thanks for the instructions anyway.

Regards

David

n_scott_pearson · ‎08-15-2017

Ok, sounds like a BIOS requirement that wasn't met.

Intel Customer Support: Please file this issue! I suspect that you will find the FC and SC ICS BIOS also have the same issue...

...S

idata · ‎08-15-2017

Thank you to N. Scott Pearson for the information provided above.

stars: Thank you very much for joining the Intel® Compute Stick communities. We will do our best in order to try to fix this problem.

Just to let you know, I was checking the BIOS settings of two different Intel® compute sticks and I noticed that one of them, the one that supports v-pro, has the option to enable and disable TPM, and the other one does not have that option:

Intel® Compute Stick STK2m3W64CC:

Intel® Compute Stick STK2mv64CC:

We will do further research on this subject, as soon as I get any updates I will post all the details on this thread.

Any further questions, please let me know.

Regards,

Alberto R

idata · ‎08-21-2017

stars: I just gather additional details on the research I was doing on this subject, just to let you know the Intel® Platform Trust Technology (Intel® PTT) is a platform functionality for credential storage and key management used by Windows® 8 and Windows® 10. Intel PTT supports BitLocker* for hard drive encryption and supports all Microsoft requirements for firmware Trusted Platform Module (FTPM) 2.0.

Intel® PTT is an integrated solution in the Intel® Management Engine, for that reason please make sure the latest version of the management engine driver is installed on the stick:

https://downloadcenter.intel.com/download/26114/Compute-Stick-Intel-Management-Engine-Consumer-Driver-for-Intel-Compute-Stick-STK2m3W64CC%3Fproduct%3D91980 https://downloadcenter.intel.com/download/26114/Compute-Stick-Intel-Management-Engine-Consumer-Driver-for-Intel-Compute-Stick-STK2m3W64CC?product=91980

Besides that, the PTT is used and handled by Windows, so if the problem persists after trying the step above the best thing to do will be to get in contact with Microsoft directly:

https://support.microsoft.com/en-us/contactus/ https://support.microsoft.com/en-us/contactus/

Any questions, please let me know.

Regards,

Alberto R

n_scott_pearson · ‎08-21-2017

Alberto,

The issue is that the BIOS on the m3 CC is not providing an option to enable PTT. You cannot use the feature if you don't have a way to enable it (and David has found that it is not enabled by default).

...S

idata · ‎08-22-2017

N. Scott Pearson: Thank you for providing that feedback.

stars: In that case, we will do further research on this regard, as soon as I get any updates I will post all the details on this thread.

Any questions, please let me know.

Regards,

Alberto R

Ronny_G_Intel · ‎08-25-2017

Hi stars:

No IPTT support as TPM is implemented but only on the following Intel Compute Stick devices:

If you have a Stk2m3W64cc, TPM is not available.

See the following documentation for further information: https://www.intel.com/content/dam/support/us/en/documents/boardsandkits/computestick/STK2m3W64CC_STK2mv64CC_STK2m364CC_TechProdSpec02.pdf https://www.intel.com/content/dam/support/us/en/documents/boardsandkits/computestick/STK2m3W64CC_STK2mv64CC_STK2m364CC_T…

Regards,

Ronny G

n_scott_pearson · ‎08-25-2017

Ronny,

We are not talking about the TPM. We know that the TPM IC is not available on any non-VPro models. PTT is a separate replacement capability that is implemented as a part of the ME firmware. It is supposed to be available on non-VPro platforms in order to support BitLocker and things like disk encryption.

The issue is that the PTT feature is not enabled by default and no support (no parameter) is provided in the BIOS to indicate that the feature should be enabled.

...S

Ronny_G_Intel · ‎08-28-2017

I see your point. Let me double check on it and I will get back to you.

Regards,

Ronny G

Ronny_G_Intel · ‎09-07-2017

Hi stars,

Can you please provide me with the Serial Number and SA Number of the Stk2m3W64cc?

Thanks,

Ronny G

DMa6 · ‎09-09-2017

Hi,Ronny

SA# :H87908-205

SN# :BTCC60500026

Ronny_G_Intel · ‎09-07-2017

Can you also provide me with a screenshot when you run tpm.msc?

Thanks,

Ronny G