HPSBHF03568 rev. 11 - Infineon TPM Security Update
VULNERABILITY SUMMARY
A security vulnerability was identified in the RSA key generation method used by TPM products listed below. This leaves the keys potentially vulnerable via targeted, computationally expensive attacks. These RSA keys generated by the TPM are used with certain software products and should not be considered secure. Updated TPM firmware versions which enable more secure key generation are listed in the RESOLUTION section for the following dedicated TPM products.
SLB 9635 (TPM 1.2) is not affected.
RESOLUTION
HP has provided the following updates for Infineon Trusted Platform Module. Download and run the Softpaq to extract files. By default, the files will be extracted to the C:\SWSETUP folder. Navigate to the folder with the relevant Softpaq number and open the pdf file for further instructions and details. For details on the impact of this firmware update for Windows software such as BitLocker see the following Microsoft advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012.
Downloads here
Commercial Notebooks, Mobile Thin Clients, Mobile Workstations
VULNERABILITY SUMMARY
A security vulnerability was identified in the RSA key generation method used by TPM products listed below. This leaves the keys potentially vulnerable via targeted, computationally expensive attacks. These RSA keys generated by the TPM are used with certain software products and should not be considered secure. Updated TPM firmware versions which enable more secure key generation are listed in the RESOLUTION section for the following dedicated TPM products.
- SLB 9670 (TPM 2.0), Versions: 7.40, 7.41, 7.60, 7.61
- SLB 9670 (TPM 1.2), Versions: 6.40, 6.41, 6.42
- SLB 9665 (TPM 2.0), Versions: 5.00, 5.40, 5.50, 5.51, 5.60, 5.61
- SLB 9660 (TPM 1.2), Versions: 4.40, 4.42
- SLB 9656 (TPM 1.2), Versions: 4.30, 4.31, 4.32, 4.33
SLB 9635 (TPM 1.2) is not affected.
RESOLUTION
HP has provided the following updates for Infineon Trusted Platform Module. Download and run the Softpaq to extract files. By default, the files will be extracted to the C:\SWSETUP folder. Navigate to the folder with the relevant Softpaq number and open the pdf file for further instructions and details. For details on the impact of this firmware update for Windows software such as BitLocker see the following Microsoft advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012.
Downloads here
Commercial Notebooks, Mobile Thin Clients, Mobile Workstations
