cancel
Showing results for 
Search instead for 
Did you mean: 

Asus / Infineon TPM firmware update?

lightknightrr
Level 8
So, is Asus going to issue a firmware update for the Infineon TPM modules produced under its name, in light of the recently released security bulletin from our friends at Microsoft, or is this a case where we will have to so without, or buy entirely new modules?

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012


Infineon doesn't seem to be issuing the update to the masses, when it is available. It wants to do it through OEM channels, and Asus does qualify as an OEM (Original Equipment Manufacturer).

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
212,616 Views
119 REPLIES 119

Tried the steps as descriped but got an error message:

Error Code: 0xE0295507
Message: TPM2.0: PlatformAuth is not the Empty Buffer. The
firmware cannot be updated.

Any ideas?

TPM is cleared and disabled, drive not encrypted and not in use.

Thank you

SirRobin wrote:
Tried the steps as descriped but got an error message:

Error Code: 0xE0295507
Message: TPM2.0: PlatformAuth is not the Empty Buffer. The
firmware cannot be updated.

Any ideas?

TPM is cleared and disabled, drive not encrypted and not in use.

Thank you


I encountered the same error with my first attempt where I didn't fully disable the TPM via the BIOS. I've updated the firmware on a load of HP devices and this wasn't a necessary step, so I thought I'd see if it was here, but it apparently is. I see that you say you've done that though - did you copy both TPMFactoryUpd.exe and TVicPort.sys to the Firmware directory?

Ok, now it worked - i had to switch to firmware tpm in bios settings, discrete tpm was my setting first. after that, booted in windows and finished fw update without problems 🙂

Seems that TPM can´t fully disable in CROSSHAIR VI HERO BIOS, right?

Interesting solution, Thanks. Did anyone try this on Motherboard with integrated IFX TPM (for example, Q170M-C)?

Thanks RASMORTHIL this worked for me too! 🙂

81696

I know it's been a minute since anyone posted in here. I am having difficulties with finding the proper firmware file. After much trial and error I figured out how to do the update but I can't find proper firmware file. Any help would be much appreciated.

Thank You

rasmorthil wrote:
In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability)...



You give me the day,
It seems incredible to me that what has not been done by ASUS has been done by a third party. Great luck that the SuperMicro gentlemen placed modules with the same chip

Of course, working perfectly 🙂

rasmorthil wrote:
In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability).

Supermicro (a great server company) sells Infineon-based TPMs - e.g., see http://supermicro.com/products/accessories/addon/AOM-TPM-9665V.cfm. Unlike Asus (:mad:) Supermicro has issued the latest firmware security updates for their Infineon TPM modules. Their update packages appear to be general Infineon updates, so I figured it'd be worth a try to update my Asus module using one.

Note that you should only attempt this sort of update if you know what you are doing!! If you aren't adept at the command line or if this is all new to you, then DO NOT ATTEMPT THIS. YOU CAN LOSE DATA IF YOU ARE USING BITLOCKER, etc.!!!

I'll explain what I did and if you want to try with your system/TPM module you will need to adapt as appropriate for your system.

1. You can find TPM update packages by browsing to ftp://ftp.supermicro.com/driver/TPM/. In my case I looked at the various firmwares included, and the "9665FW update package_1.1.zip" bundle contained firmware that matched my Asus TPM. So be sure to pick the right update bundle for your TPM (?).

2. I completely turned OFF and disable Bitlocker and Windows Hello. You must decrypt your drive so that the TPM is NOT in use!

3. I ran "tpm.msc" and executed the "Clear TPM..." option in Action. This rebooted the machine and the Asus BIOS had me press F12 to clear the TPM.

4. After rebooting again, I then booted into the BIOS and turned the TPM completely OFF in the BIOS settings. You must completely disable Windows' use of the TPM in order to update the firmware.

5. I booted back into Windows, and extracted the firmware update package bundle. For ease of operation I then copied the Windows update executable from the "...\Tools\WinPE\Bin\x64\" directory into the "...\Firmware\" directory.

6. I then ran an Administrator command prompt, and changed to the "...\Firmware\" directory. Then I ran "TPMFactoryUpd.exe -update config-file -config TPM20_latest.cfg". The updater detected my TPM, and flash updated to the latest firmware in the bundle. Again, if you try this your command line may need to be different (use "TPMFactoryUpd.exe -?" for command line help with the tool).

70491

7. Then I rebooted back to the BIOS, turned the TPM back on, and re-enabled everything, and "tpm.msc" shows that my Asus TPM has been updated and no longer has the vulnerability.

70492

Note that the update bundle also includes a UEFI updater that you can run from the BIOS, but I didn't bother doing that because I didn't have time to figure it out.

Anyway I hope this is helpful to others!


I have ASUS H170 PRO GAMING motherboard with Asus TPM-M R2.0 14-1 Pin TPM Module installed. When I try to upgrade the firmware, I get:

Infineon Technologies AG TPMFactoryUpd Version 01.01.2212.00
[2018-01-21 18:28:29.840]
Error: open "TVicPort"-Driver failed !!!
Error initializing LowLevelIO: 0xE0295200
Error detected:
Final code: 0xE0295200
Final message: No connection to the TPM or TPM not found.
Module: ..\Common\DeviceManagement.c; Function: DeviceManagement_Connect; Line: 340
Code: 0xE0295200
Message: TPMConnect failed: 0xE0295200

I have copied all files from "...\Tools\WinPE\Bin\x64\" to the "...\Firmware\" directory. And used "TPMFactoryUpd.exe -update config-file -config TPM20_latest.cfg" command in CMD (executed as administrator).

Anyone else is having this problem?

@xrs01 - did you disable the TPM in the BIOS?

Lugusto wrote:
@xrs01 - did you disable the TPM in the BIOS?


I tried it both ways. Same result.

lightknightrr wrote:
@xrs01 - When you run Get-TPM inside PowerShell (Administrator Mode), what is the output?


PS C:\WINDOWS\system32> Get-TPM


TpmPresent : True
TpmReady : True
ManufacturerId : 1229346816
ManufacturerIdTxt : IFX
ManufacturerVersion : 5.61
ManufacturerVersionFull20 : 5.61.10.57600

ManagedAuthLevel : Full
OwnerAuth : ...
OwnerClearDisabled : False
AutoProvisioning : Enabled
LockedOut : False
LockoutHealTime : 10 minutes
LockoutCount : 0
LockoutMax : 31
SelfTest : {}

70988