cancel
Showing results for 
Search instead for 
Did you mean: 

Asus / Infineon TPM firmware update?

lightknightrr
Level 8
So, is Asus going to issue a firmware update for the Infineon TPM modules produced under its name, in light of the recently released security bulletin from our friends at Microsoft, or is this a case where we will have to so without, or buy entirely new modules?

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012


Infineon doesn't seem to be issuing the update to the masses, when it is available. It wants to do it through OEM channels, and Asus does qualify as an OEM (Original Equipment Manufacturer).

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
212,254 Views
119 REPLIES 119

Redachi
Level 7
I realize this thread hasn't been posted to for awhile now, but just wanted to update. I just ordered the 14-1 TPM Module off of Newegg, fully expecting to follow this guide to update. Lo and behold, it came with 5.63.3144.0 already installed. I didn't need to do anything special to get Bitlocker working.

Redachi wrote:
I realize this thread hasn't been posted to for awhile now, but just wanted to update. I just ordered the 14-1 TPM Module off of Newegg, fully expecting to follow this guide to update. Lo and behold, it came with 5.63.3144.0 already installed. I didn't need to do anything special to get Bitlocker working.

If you can tell me who on Newegg is selling I will do myself a favor and stop trying to use the Asus update as written about below—please provide vendor
Asus has released a Firmware Update for the 5.51 and 5.61 TPM modules to be converted to the 5.63 version that works with Microsoft Windows 10.
https://www.asus.com/Motherboard-Accessory/TPM-M-R2-0/HelpDesk_BIOS/
THE PROBLEM IS THAT THIS FIRMWARE UPDATED DON’T WORK
I have both versions of the TPM modules (14-1) the 5.51 and 5.61, I have attempted to update these modules on two Asus computers (ROG Rampage V Edition 10 and Crosshair VI Hero). After modifying the UEIF according to directions the update will not run properly. Perhaps I am doing something wrong but I believe that the problem is with how the files are laid out in the directory that is placed on a USB stick. Below is the link to the official directions:
https://www.asus.com/Motherboard-Accessory/TPM-M-R2-0/HelpDesk_Manual/

Zinzan8
Level 7
Who was the seller on NewEgg that sent you the updated firmware? I see multiple sellers, currently defaulting to BTE Outlet.

Pretty disappointed that Asus is not helping more in providing downloadable firmware, or helping us identify new modules to purchase.

shibz
Level 7
Recently (mid April) received an Asus TPM-M R2.0 14-1 Pin module from Newegg via a 3rd party seller (hotdeals4less). It arrived with the 5.63 firmware. Odd that Asus is manufacturing/selling TPMs with the update, yet aren't making it available to customers who have already purchased it. Been a loyal Asus customer for over a decade, but a bit disappointed at what I'm seeing here 😞

shibz wrote:
Recently (mid April) received an Asus TPM-M R2.0 14-1 Pin module from Newegg via a 3rd party seller (hotdeals4less). It arrived with the 5.63 firmware. Odd that Asus is manufacturing/selling TPMs with the update, yet aren't making it available to customers who have already purchased it. Been a loyal Asus customer for over a decade, but a bit disappointed at what I'm seeing here 😞


Well that fellow did post the link somewhere in here, they eventually did create a TPM update of their own here https://www.asus.com/Motherboard-Accessory/TPM-M-R2-0/HelpDesk_BIOS/

Only thing is why didn't they do it before and make it easier to find LOL

pl_02
Level 7
So if you have a Dell, HP, Lenovo, Supermicro or IBM system, you get a firmware update and were covered before any of this became public.

If you have an ASUS board or system with a TPM header, you never get an update and have to hack your system into shape with tools and code downloaded from competitor vendor products.

They are leaving this and hanging us all out to dry. ASUS support has proved useless. It was the same with Spectre and Meltdown vulns, which noone can make heads or tales of the changes they made, let alone know how they will affect system performance.

Why have they not fixed something that simply needed a 3rd party's lib file updated, for >12months now?

peatrick
Level 8
@mconti85 -- in order to match the firmware version, we'd need to know the specific make/model of your TPM chip. Most newer ones SHOULD be able to be updated, however I'm not sure that all are capable of running the patched firmware versions. YMMV.

ups..

If you installed Windows 11 using dTPM, check the [Security processor details] window and the [Security processor trouble shooting] window.
When I used the TPM with firmware version 5.61.2785.0 or 5.63.3144.0, I got an error.
You can also check it by running the "tpmtool getdeviceinformation" command at the command prompt.
It seems that Windows 11 has determined that version 5.63.3144.0 or earlier is vulnerable and recommends updating the firmware.

Even with this issue, BitLocker was successfully applied for the boot drive. Perhaps this issue limits the functionality of something other than BitLocker.

The TPM with firmware version 5.63.3353.0 was fine.
I think ASUS should provide firmware version 5.63.3353.0 for TPM-M R2.0/TPM-L R2.0 users.

* There are people working on this issue.
https://twitter.com/PremaMod/status/1448306173384527874
* On Windows 10, firmware version 5.63.3144.0 seems to be fine.
* According to a review on amazon.com, the firmware version of TPM-M R2.0 was already 5.63.3353.0 as of August 2018.
It is also reported that the firmware version of TPM-L R2.0 was 5.63.3353.0 as of #109 (July 2018) of this thread.
* Compatible TPMs sold by Amazon etc. may have an old firmware version installed.
There is a case where the firmware version of FIPS 140-2 specification (for example, the last part is ".2" like 5.0.1089.2) is installed in TPM, and the firmware file for updating to the latest version cannot be found. Please be careful.

BillBittel
Level 12
Is that SuperMicro FTP site still up and running? I tried to connect but was not able to. My FTP client is working fine with other FTP sites. I also tried it on ftptest.net and it could not resolve the address. I downloaded the 9665FW update packate_to_3353.rar file that russd884 kindly provided, so I have the files I need. I am just curious why I can't connect to the SuperMicro FTP site. Best I can tell, its just not there anymore.