
Asus / Infineon TPM firmware update?

lightknightrr
Level 8
So, is Asus going to issue a firmware update for the Infineon TPM modules produced under its name, in light of the recently released security bulletin from our friends at Microsoft, or is this a case where we will have to do without, or buy entirely new modules?

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012


Infineon doesn't seem to be issuing the update to the masses, when it is available. It wants to do it through OEM channels, and Asus does qualify as an OEM (Original Equipment Manufacturer).

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160

Asus Q170M-C firmware 3405, MS Windows 10 x64, worked fine. Great, thanks) Updated from 5.51.2098.0 to 5.62.3126.0

lightknightrr
Level 8
@xrs01 -> post a screenshot / picture of your disabled TPM in the BIOS. I want to see something...

lightknightrr
Level 8
Okay, we need some more volunteers for thurask's find. Any takers?

lightknightrr wrote:
Okay, we need some more volunteers for thurask's find. Any takers?


I would love to try it, but the link provided offers no direct way to download the firmware files. Just a load of stuff about the Intel ME package which I can't install on my Ryzen system. If someone wants to make these firmware files available for download I'll give it a spin.

Here's the Supermicro files from the guide + 5.63 firmware, with TPMFactoryUpd copied to the Firmware folder and TPM20_latest.cfg edited: https://mega.nz/#!nJ92yLbI!5BtEltqBSnJXxhkCkzKeeifP5ki5FixVYZdrELd_B0I

Who has the update of 5.50.2022.0?

liuhongxin1993 wrote:
Who has the update of 5.50.2022.0?


The only other mention of 5.50.2022.0 I can find is in some Fujitsu systems, and the firmware isn't packaged the same way as it is for Supermicro or Clevo. They have a tool to write a UEFI TPM firmware updater to a USB stick, so that one can boot from that and update firmware that way instead of doing it from Windows. Here's a link to that tool: http://support.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=e7010898-dc99-4262-91f0-e4f10c1d6ecc

Inside the tool are the following firmware patches:
TPM20_5_50_2022_0_to_TPM20_5_62_3126_2 / TPM20_5_50_2022_2_to_TPM20_5_62_3126_2
TPM20_5_51_2098_0_to_TPM20_5_62_3126_0 / TPM20_5_51_2098_2_to_TPM20_5_62_3126_2
TPM20_5_60_2677_0_to_TPM20_5_62_3126_0 / TPM20_5_61_2785_0_to_TPM20_5_62_3126_0
TPM20_7_61_2785_0_to_TPM20_7_62_3126_0 / TPM20_7_61_2789_0_to_TPM20_7_62_3126_0

thurask wrote:
The only other mention of 5.50.2022.0 I can find is in some Fujitsu systems, and the firmware isn't packaged the same way as it is for Supermicro or Clevo. They have a tool to write a UEFI TPM firmware updater to a USB stick, so that one can boot from that and update firmware that way instead of doing it from Windows. Here's a link to that tool: http://support.ts.fujitsu.com/IndexDownload.asp?SoftwareGuid=e7010898-dc99-4262-91f0-e4f10c1d6ecc

Inside the tool are the following firmware patches:
TPM20_5_50_2022_0_to_TPM20_5_62_3126_2 / TPM20_5_50_2022_2_to_TPM20_5_62_3126_2
TPM20_5_51_2098_0_to_TPM20_5_62_3126_0 / TPM20_5_51_2098_2_to_TPM20_5_62_3126_2
TPM20_5_60_2677_0_to_TPM20_5_62_3126_0 / TPM20_5_61_2785_0_to_TPM20_5_62_3126_0
TPM20_7_61_2785_0_to_TPM20_7_62_3126_0 / TPM20_7_61_2789_0_to_TPM20_7_62_3126_0


@thurask
asus access violation error

liuhongxin1993 wrote:
@thurask
asus access violation error


Hmm, I can't test this myself, but let's try Plan B.

This is the same file as in post #77 but with more firmwares added in, including 5.50.2022.0 to 5.62.3126.2: https://mega.nz/#!iQdU3IhD!jloUuT3hOKEWxW_Xa3eAMCPo0O1HhiKNt62RkC5pjBo

Download it, and do the same steps as the guide in post #45, except the copying part of step 5 is done already, and you will have to run a different command in step 6:

TPMFactoryUpd -update tpm20-emptyplatformauth -firmware TPM20_5.50.2022.0_to_TPM20_5.62.3126.2.BIN

Hopefully that works.
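
Added example, not part of any post in this thread and not Infineon's or any OEM's tooling: a small Python helper that picks the patch file whose source version matches the firmware the TPM currently reports, in all four fields, before anything is passed to `-firmware`. The function names are hypothetical; the patch names are the ones listed above, and the parser accepts both the underscore spelling and the dotted `.BIN` spelling used in the command.

```python
import re

# One four-part version, written 5_50_2022_0 or 5.50.2022.0
_VER = r"(\d+)[._](\d+)[._](\d+)[._](\d+)"
_PATCH = re.compile(rf"^TPM20_{_VER}_to_TPM20_{_VER}(?:\.BIN)?$", re.IGNORECASE)

# Patch names exactly as listed in the thread above.
THREAD_PATCHES = [
    "TPM20_5_50_2022_0_to_TPM20_5_62_3126_2",
    "TPM20_5_50_2022_2_to_TPM20_5_62_3126_2",
    "TPM20_5_51_2098_0_to_TPM20_5_62_3126_0",
    "TPM20_5_51_2098_2_to_TPM20_5_62_3126_2",
    "TPM20_5_60_2677_0_to_TPM20_5_62_3126_0",
    "TPM20_5_61_2785_0_to_TPM20_5_62_3126_0",
    "TPM20_7_61_2785_0_to_TPM20_7_62_3126_0",
    "TPM20_7_61_2789_0_to_TPM20_7_62_3126_0",
]

def parse_version(text):
    """'5.50.2022.0' -> (5, 50, 2022, 0); anything else raises ValueError."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def parse_patch(name):
    """Return (source, target) version tuples, or None if name is not a patch."""
    m = _PATCH.match(name.strip())
    if m is None:
        return None
    nums = tuple(int(g) for g in m.groups())
    return nums[:4], nums[4:]

def select_patch(current, names):
    """Pick the patch whose source equals `current` in all four fields."""
    cur = parse_version(current)
    hits = []
    for name in names:
        parsed = parse_patch(name)
        if parsed and parsed[0] == cur:
            hits.append((name, parsed[1]))
    if not hits:
        # No exact match: refuse rather than fall back to a "close" version.
        raise LookupError(f"no patch starts from firmware {current}")
    return max(hits, key=lambda h: h[1])  # highest target if several match

if __name__ == "__main__":
    for v in ("5.50.2022.0", "5.50.2022.2", "7.61.2785.0"):
        print(v, "->", select_patch(v, THREAD_PATCHES)[0])
```

The last field matters: 5.50.2022.0 and 5.50.2022.2 map to different files, and the 5.x and 7.x families do not cross.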

OK, so I tried and succeeded in updating to firmware 5.63.3144.0, cleared it and set up Windows Hello again and Bitlocker. It all seems to work fine.

However, on checking the event viewer I'm now getting an 'SCEP Certificate enrolment for ... failed' error at each reboot, which is detailed as 'An unexpected internal error has occurred in the Platform Crypto Provider. 0x80290407 (-2144795641 TPM_E_PCP_INTERNAL_ERROR)'. Not good.

So I guess this method isn't so ideal. Does anyone else see this issue?

Anyway, until we get a proper fix I suppose I'll stick with the fTPM.