10-14-2017 09:26 PM - last edited on 03-05-2024 06:22 PM by ROGBot
01-14-2018 11:12 AM
01-14-2018 03:51 PM
SirRobin wrote:
Tried the steps as descriped but got an error message:
Error Code: 0xE0295507
Message: TPM2.0: PlatformAuth is not the Empty Buffer. The
firmware cannot be updated.
Any ideas?
TPM is cleared and disabled, drive not encrypted and not in use.
Thank you
01-14-2018 09:39 PM
01-16-2018 10:43 AM
01-14-2018 12:11 PM
09-01-2019 08:52 AM
01-17-2018 05:20 PM
rasmorthil wrote:
In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability)...
01-22-2018 08:16 AM
rasmorthil wrote:
In case it is helpful to someone, I found a way to update my Asus TPM-M R2.0 14-1 Pin TPM Module to the latest 5.62.3126.0 firmware (previously the TPM had the 5.61.2785.0 firmware with the vulnerability).
Supermicro (a great server company) sells Infineon-based TPMs - e.g., see http://supermicro.com/products/accessories/addon/AOM-TPM-9665V.cfm. Unlike Asus (:mad:) Supermicro has issued the latest firmware security updates for their Infineon TPM modules. Their update packages appear to be general Infineon updates, so I figured it'd be worth a try to update my Asus module using one.
Note that you should only attempt this sort of update if you know what you are doing!! If you aren't adept at the command line or if this is all new to you, then DO NOT ATTEMPT THIS. YOU CAN LOSE DATA IF YOU ARE USING BITLOCKER, etc.!!!
I'll explain what I did and if you want to try with your system/TPM module you will need to adapt as appropriate for your system.
1. You can find TPM update packages by browsing to ftp://ftp.supermicro.com/driver/TPM/. In my case I looked at the various firmwares included, and the "9665FW update package_1.1.zip" bundle contained firmware that matched my Asus TPM. So be sure to pick the right update bundle for your TPM (?).
2. I completely turned OFF and disable Bitlocker and Windows Hello. You must decrypt your drive so that the TPM is NOT in use!
3. I ran "tpm.msc" and executed the "Clear TPM..." option in Action. This rebooted the machine and the Asus BIOS had me press F12 to clear the TPM.
4. After rebooting again, I then booted into the BIOS and turned the TPM completely OFF in the BIOS settings. You must completely disable Windows' use of the TPM in order to update the firmware.
5. I booted back into Windows, and extracted the firmware update package bundle. For ease of operation I then copied the Windows update executable from the "...\Tools\WinPE\Bin\x64\" directory into the "...\Firmware\" directory.
6. I then ran an Administrator command prompt, and changed to the "...\Firmware\" directory. Then I ran "TPMFactoryUpd.exe -update config-file -config TPM20_latest.cfg". The updater detected my TPM, and flash updated to the latest firmware in the bundle. Again, if you try this your command line may need to be different (use "TPMFactoryUpd.exe -?" for command line help with the tool).
7. Then I rebooted back to the BIOS, turned the TPM back on, and re-enabled everything, and "tpm.msc" shows that my Asus TPM has been updated and no longer has the vulnerability.
Note that the update bundle also includes a UEFI updater that you can run from the BIOS, but I didn't bother doing that because I didn't have time to figure it out.
Anyway I hope this is helpful to others!
01-22-2018 12:51 PM
01-28-2018 09:06 AM
Lugusto wrote:
@xrs01 - did you disable the TPM in the BIOS?
lightknightrr wrote:
@xrs01 - When you run Get-TPM inside PowerShell (Administrator Mode), what is the output?