Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
New Contributor I
2,731 Views

Intel PTT on Z370 - supported?

Jump to solution

I am curious about PTT, how exactly it works, its benefits for a normal desktop user and so on.

I am asking because I see it as a potential option in my BIOS (8700K+MSI Z370 Gaming Plus) next to dTPP, which I am pretty sure the motherboard doesn't have. I took a look on the web and I see PTT as supported for Z370:

https://ark.intel.com/products/125903/Intel-Z370-Chipset Intel® Z370 Chipset Product Specifications

https://www.intel.com/content/www/us/en/products/chipsets/desktop-chipsets/z370.html Intel® Z370 Chipset

Yet if I take a look at https://www.intel.com/content/www/us/en/support/articles/000007452/mini-pcs.html https://www.intel.com/content/www/us/en/support/articles/000007452/mini-pcs.html there are just NUCs and other such compute devices listed.

If Z370 is supported, I have a few questions. Please do keep in mind I never used a TPM, so I don't have a first hand experience with these technologies. I did read what I found on the web, but some terms/functionality I am not familiar with.

- any negative effects if I enable it in BIOS on a PC with Windows 10 already installed? I see some broken English warning in the BIOS menu (nice job, MSI), could enabling this result in loss of info/not being able to boot etc?

- do I need to encrypt the SSD to profit from this? Use Bitlocker or other equivalent tech?

- if not, are there any benefits for a typical desktop user that is not worried somebody will come and steal his whole PC (as that'd require breaking into my home, and sure enough if that happens I'll have far worse issues than PC security)

Thanks!

0 Kudos

Accepted Solutions
Highlighted
Super User Retired Employee
127 Views

PTT implements the equivalent of a TPM 2.0-compliant Trusted Platform Module within the firmware running on the Intel Management Engine (ME). It provides the benefits of a TPM without actually having one. For learn more about TPMs, a good starting point is this article: https://en.wikipedia.org/wiki/Trusted_Platform_Module Trusted Platform Module - Wikipedia.

The article that you are referring to is part of content developed specifically for (potential) owners of Intel NUC, Compute Stick and Compute Card products; it is not intended for folks utilizing third-party designs. In third-party designs, in order to utilize PTT, your platform must be running a version of the ME firmware that contains PTT support. ME firmware is typically installed as part of the BIOS package, so your board manufacturer has some level of control over the ME firmware that is incorporated into BIOS releases. You thus need to ask them if they are including ME firmware that supports PTT (they should, but you need to verify this).

Answers to your questions: No. Not necessarily. Read about TPM usage (and you should always be worried; only the paranoid survive).

Hope this helps,

...S

View solution in original post

0 Kudos
3 Replies
Highlighted
Super User Retired Employee
128 Views

PTT implements the equivalent of a TPM 2.0-compliant Trusted Platform Module within the firmware running on the Intel Management Engine (ME). It provides the benefits of a TPM without actually having one. For learn more about TPMs, a good starting point is this article: https://en.wikipedia.org/wiki/Trusted_Platform_Module Trusted Platform Module - Wikipedia.

The article that you are referring to is part of content developed specifically for (potential) owners of Intel NUC, Compute Stick and Compute Card products; it is not intended for folks utilizing third-party designs. In third-party designs, in order to utilize PTT, your platform must be running a version of the ME firmware that contains PTT support. ME firmware is typically installed as part of the BIOS package, so your board manufacturer has some level of control over the ME firmware that is incorporated into BIOS releases. You thus need to ask them if they are including ME firmware that supports PTT (they should, but you need to verify this).

Answers to your questions: No. Not necessarily. Read about TPM usage (and you should always be worried; only the paranoid survive).

Hope this helps,

...S

View solution in original post

0 Kudos
Highlighted
New Contributor I
127 Views

Well I decided to give it a shot and see what happens. Worked OK in BIOS and detected in Windows 10 as well. Windows was happy about it and the new RS4/April Update version finally said that "Standard Hardware Security is supported". Looks like without TPM you won't be getting that message. After reading a bit more on it I decided to turn it off, doesn't seem worth it for a desktop PC that's not used for anything out of the ordinary. Considering I don't use an admin BIOS password, SSD encryption and I used netplwiz to ditch the requirement to enter a password each boot, I don't see any benefits for me from PTT. I value a faster boot more than additional security. I am however happy to see it is working:

"For end consumers, TPM is behind the scenes but is still very relevant. TPM is used for Windows Hello, Windows Hello for Business and in the future, will be a component of many other key security features in Windows."

That's from Microsoft. So maybe it will get better usage in the future. What would make me turn it on would be some "hardware acceleration", like helping Kaspersky work faster/not use CPU cycles. Or being able to store my browser passwords so I can restore them anywhere, even on a different browser, without much fuss and exporting/importing in Windows.

Anyway, thanks for the answer, and I am happy to report that PTT should work normally on Z370. For those that want to see Windows 10 reporting that hardware security is supported it's a must.

0 Kudos
Highlighted
Super User Retired Employee
127 Views

In Intel's NUC and Compute Stick products, they either include a hardware TPM or they rely on PTT. No products provide a connector for optionally adding a hardware TPM. I don't know if this is a sign of a trend-to-come; we'll have to see if the various ODMs/OEMs follow suit (i.e. drop support for hardware TPM connector)...

...S

0 Kudos