Intel® NUCs have embedded Intel® AES New Instructions (Intel® AES-NI). They are a set of instructions that enable fast and secure data encryption and decryption. AES-NI are valuable for a wide range of cryptographic applications, for example: applications that perform bulk encryption/decryption, authentication, random number generation, and authenticated encryption.
The available NUC models with Trusted Platform Module belong to the 5th generation; the models are 5i3MYHE and 5i5MYHE.
Intel will have newer versions with TPM in the future.
Thanks for the reply!
The great thing with the new Skylake processors with the PTT (Platform Trust Technology) and the AES Encryption Co-Processor is that a separate TPM module is no longer needed! It's embedded into the processor itself. The BIOS just has to be configured properly to access it. I know this because I built a PC with a motherboard that did not have a TPM module, but its proprietary BIOS was properly programmed to access the Skylake PTT AES Encryption Co-Processor and the embedded TPM 2.0 encryption keys. The proprietary BIOS accessed the Intel Skylake PTT AES TPM 2.0 Encryption Keys. I was able to setup BitLocker using those Intel TPM 2.0 keys. I will take a picture of it and post it here so you can see it for yourself.
Note the TPM Manufacturer Information indicates INTC a.k.a. Intel; Manufacturer Version 11.0 (TPM); Specification Version 2.0
The Intel PTT AES TPM 2.0 is embedded in the Skylake processors! The BIOS just has to be configured properly to access it.
From Windows 10 Pro TPM Management Window accessed from the BitLocker screen.
The Skylake processor used with the exact same PTT and AES Technology features as the i3-6100U.
I now know the manufacturer of the proprietary BIOS pictured above that accesses the PTT AES TPM 2.0 encryption keys for system security and hardening to prevent criminals from hacking into your system and stealing your bank accounts, credit card numbers, and your life. I am still waiting to hear back from my escalated support request.
1 of 1 people found this helpful
I review 6th gen NUCs features. 6th gen processors include new security features. They are called:
Intel® Software Guard Extensions (Intel® SGX) provide applications the ability to create hardware enforced trusted execution protection for their applications’ sensitive routines and data. Run-time execution is protected from observation or tampering by any other software (including privileged software) in a system.
Intel® Memory Protection Extensions (Intel® MPX) provides a set of hardware features that can be used by software in conjunction with compiler changes to check that memory references intended at compile time do not become unsafe at runtime due to buffer overflow or underflow.
And Trusted Platform Module is included in the processor now. I am sorry for the misunderstanding.
More details in the link below:
6th gen processors
The Intel® NUC Kit 6i3SYK has a i3-6100U
It is possible to increase NUC security enabling Intel® Trusted Execution Technology at Security tab in the BIOS.
When will Intel Visual BIOS "initialize" TPM functionality in their Skylake NUC product lineup allowing for platform security and hardening to prevent criminals from hacking into their customers' systems and networks?
I enabled Intel Platform Trust Technology in Intel Visual BIOS, but no TPM 2.0 settings appeared.
This NUC was designed to be my banking-only PC. Unfortunately, that's not going to happen because I need Intel Visual BIOS access to the Skylake TPM to harden and secure my banking NUC.
Hardware-based encryption and decryption are more secure and faster than software-based encryption and decryption. The Skylake processors were designed to do the hardware-based encryption and decryption, but Intel's Visual BIOS has not "initialized" it yet. Why?
BitLocker access to the Skylake TPM would enable hardware-based encryption and decryption of the SSD drive, the OS, and the firmware. Securing my banking NUC with an encrypted USB key and a PIN number requires BitLocker access the Skylake TPM.
For the past five years, my PCs have been plagued by boot-kit and root-kit viruses, and my patience for the PC is waning because of the resistance of PC OEMs like Intel to harden their systems.
PC users have an unalienable right to harden and secure their systems from being attacked and compromised over the Internet. Preventing PC owners from hardening and securing their banking PCs creates systemic risk to the integrity and security of the banking systems of the free world. Have you ever thought about that?
If hostile, foreign governments ever wanted to conduct cyber warfare against the citizens of the United States, they could easily target the unhardened and infected PCs through out the United States and the free world.
It's surprising that Tim Cook, the Apple CEO, is standing up to the government in favor of system hardening and encryption by its customers.
Will Intel's CEO, Brian Krzanich, ever stand up to Big Brother and defend PC users right to harden and secure their PC systems from attack over the Internet?
It's time that PC users stand up and defend their unalienable rights to harden and secure their computing systems from being attacked and compromised over the Inernet.
Thanks! Sorry about the long diatribe above. It's five years of PC frustration coming out.
Since 1986, I have been an exclusive owner of PCs running on the IBM chipset with Intel x86 processors, but that's changing in a few hours when my first iMac is expected to arrive from communist China. It makes me sick just thinking about it. I am surprised that Apple gave up their RISC processors in favor of Intel's x86 processors. From a system security standpoint, it is best to have a little bit of each in the mix so that if one is compromised, you have a working backup on an entirely different hardware and software platform.
See: "Apple’s Tim Cook Delivers Blistering Speech On Encryption, Privacy."
The path to the "Dark Side" is paved with lucrative government contracts:
See: "AT&T CEO calls for Congress to decide on encryption policy, says it’s not Tim Cook’s decision"