Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Asus / Infineon TPM firmware update?

lightknightrr
Level 8

‎10-14-2017 09:26 PM - last edited on ‎03-05-2024 06:22 PM by Community Admin

So, is Asus going to issue a firmware update for the Infineon TPM modules produced under its name, in light of the recently released security bulletin from our friends at Microsoft, or is this a case where we will have to so without, or buy entirely new modules?

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012


Infineon doesn't seem to be issuing the update to the masses, when it is available. It wants to do it through OEM channels, and Asus does qualify as an OEM (Original Equipment Manufacturer).

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
0 Kudos
196,042 Views
119 REPLIES 119

Theliel
Level 7
In response to AndyCalling

‎02-12-2018 11:09 PM

AndyCalling wrote:
OK, so I tried and succeeded in updating to firmware 5.63.3144.0, cleared it and set up Windows Hello again and Bitlocker. It all seems to work fine.

However, on checking the event viewer I'm now getting an 'SCEP Certificate enrolment for ... failed' error at each reboot, which is detailed as 'An unexpected internal error has occurred in the Platform Crypto Provider. 0x80290407 (-2144795641 TPM_E_PCP_INTERNAL_ERROR)'. Not good.

So I guess this method isn't so ideal. Does anyone else see this issue?

Anyway, until we get a proper fix I suppose I'll stick with the fTPM.



Probably because is a modded firmware and digital signature is broken. Try:

Get-TpmEndorsementKeyInfo in powerShell
0 Kudos

frank303
Level 7
In response to Theliel

‎03-03-2018 08:52 PM

Does any of the above work on the Asus v.1.2 TPM FW3.19?
0 Kudos

thurask
Level 7
In response to frank303

‎03-08-2018 08:55 AM

frank303 wrote:
Does any of the above work on the Asus v.1.2 TPM FW3.19?


I'm not 100% sure but I think the TPM chip for that is the Infineon SLB 9635, which is not vulnerable.
0 Kudos

liuhongxin1993
Level 7
In response to thurask

‎02-12-2018 12:27 AM

thurask wrote:
Hmm, I can't test this myself, but let's try Plan B.

This is the same file as in post #77 but with more firmwares added in, including 5.50.2022.0 to 5.62.3126.2: https://mega.nz/#!iQdU3IhD!jloUuT3hOKEWxW_Xa3eAMCPo0O1HhiKNt62RkC5pjBo

Download it, and do the same steps as the guide in post #45, except the copying part of step 5 is done already, and you will have to run a different command in step 6:

TPMFactoryUpd -update tpm20-emptyplatformauth -firmware TPM20_5.50.2022.0_to_TPM20_5.62.3126.2.BIN

Hopefully that works.


thank you
Preview file
87 KB
Preview file
68 KB
0 Kudos

AndyCalling
Level 7
In response to thurask

‎02-05-2018 03:02 PM

thurask wrote:
Here's the Supermicro files from the guide + 5.63 firmware, with TPMFactoryUpd copied to the Firmware folder and TPM20_latest.cfg edited: https://mega.nz/#!nJ92yLbI!5BtEltqBSnJXxhkCkzKeeifP5ki5FixVYZdrELd_B0I


Excellent job, that man. I shall test it out on the weekend. I am currently using the fTPM in my CPU so if this falls over on my dTPM and it gets trashed then I'll shrug, go back to my fTPM and avoid ASUS.

Note, folks, that I have the ASUS TPM-L R2.0 (link below) which is the 20 pin model. It should use the same firmware though, I believe. I suppose I'll find out. I shall report back at the weekend.

https://www.amazon.co.uk/Accessory-Module-Connector-ASUS-Motherboard/dp/B01EU542SG
0 Kudos

SirRobin
Level 8
In response to thurask

‎04-25-2018 02:22 PM

thurask wrote:
Here's the Supermicro files from the guide + 5.63 firmware, with TPMFactoryUpd copied to the Firmware folder and TPM20_latest.cfg edited: https://mega.nz/#!nJ92yLbI!5BtEltqBSnJXxhkCkzKeeifP5ki5FixVYZdrELd_B0I



Thank you very much! Worked like a charm but only after switched the BIOS setting from Discrete to Interal TPM. After that, update of tpm was done in a few seconds, after reboot switched back to discrete TPM. So i think this is the correct setting...
0 Kudos

lightknightrr
Level 8

‎02-04-2018 04:33 PM

Confirmed, it works.
0 Kudos

Advis
Level 7

‎04-22-2018 01:55 AM

Have used the advice posted in this thread to update to 5.63.3144. I ended up flashing twice; once to go to 5.62, then again to 5.63 when I was confident in the procedure. I have now encrypted my volumes with Bitlocker as I originally set out. Thank you all for posting

@ASUS it's not acceptable that you're letting the community fix. I've also followed a similar procedure to update a Dell XPS 13 9360 TPM which was officially provided by Dell. Not sure why ASUS can't do the same.

EDIT: As an official TPM-M firmware update was posted by ASUS before this post was made I withdraw the remark above. Apologies to ASUS.
0 Kudos

iceland2
Level 7

‎04-24-2018 01:03 PM

I succeded in updating the firmware on a TPM L R2.0 with the above procedure but now when I attempt to clear the TPM the bios just don't ask me to press F12 anymore.
Neither by Windows neither by BIOS it wants to clear...

Asus x99 E WS USB3.1 bios 3601





Inviato dal mio SM-T825 utilizzando Tapatalk
0 Kudos

SirRobin
Level 8

‎05-03-2018 05:52 AM

Please, can someone give me information how i can also use TPM for bitlocker on a second hdd?

Bitlocker is used for my ssd perfectly but my hdd for data - also bitlocker encrypted - sometimes need my recovery password for bootup... are there some special settings for me that i can also save the key in tpm modul? thank you for your help!
0 Kudos