Infineon Technologies Trusted Platform Modules (TPMs), Security Feature Bypass Vulnerability

Document ID: 4015874
Posted Date: 2018-03-20
Last Updated: 2018-03-20
Distribution: View Public Website

Issue

Infineon® Technologies Trusted Platform Modules (TPMs), Security Feature Bypass Vulnerability

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Potential Security Impact: A security vulnerability exists in certain Trusted Platform Module (TPM) firmware. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. Toshiba is working closely with Infineon® to validate their fix and ensure it works across Toshiba’s range of products. Until firmware updates are available, it is recommended that people and companies using Toshiba PCs and devices that incorporate TPMs to take steps to maintain the security of their systems and information.

Source: Infineon® & Microsoft® Security TechCenter

For general guidance on this issue, please see this announcement from Infineon® & Microsoft®

Infineon® Technologies - https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160

Microsoft® Security TechCenter - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012

Resolution

Recommended Actions:

Step 1: Apply All Microsoft® Windows Operating Systems Security Updates.

Step 2: Determine devices in your organization that are affected - Use event log entries.

NOTE: After the applicable Windows update is applied, the system will generate Event ID 1794 in the Event Viewer after each reboot under Windows Logs - System when vulnerable firmware is identified. On devices running Windows 10 that have the October 2017 security update installed, in a CMD prompt, type "TPM.MSC" to open the Trusted Platform Module (TPM) Management snap-in. Devices with affected TPM modules will display the following error message: (Shown Below)

"The TPM is ready for use. The TPM firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572."

If you determine that you do not have an Infineon® TPM capable system then no further action is required.
If your PC is affected, go to Step 3 below to locate your PC model and firmware availability.
- If your firmware is not available, Microsoft® has provided the following mitigation process that is recommened until the release of the firmware update package.
  - Microsoft® Security TechCenter - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012

Step 3: Download and run the firmware update tool provided by Toshiba

IMPORTANT NOTE: Refer to Microsoft® Security TechCenter document before clearing & resetting TPM keys:( https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012 )

For help finding your model number CLICK HERE

Toshiba’s TPM Firmware Release Schedule:

Infineon Chipset Version: SLB 9660 TPM 1.2
Model Name	Model Number	Affected Firmware	FW Version to Fix Issue	Target Available Date	Link to Firmware
PORTEGE WT20-B	PT15C	FW 4.40	FW 4.43	Available	Download Installation Instructions
PORTEGE Z20t-B	PT15A
PORTEGE Z20t-B	PT15B
PORTEGE Z30-B	PT251
	PT253
	PT254
PORTEGE Z30-C	PT261
PORTEGE Z30-C	PT263
Satellite Pro A50-C	PS56A
	PS56C
	PS56J
Satellite Pro R50-B	PSSG2
	PSSG3
	PSSG7
Satellite Pro R50-C	PS562
Satellite Pro R50-C	PS566
TECRA A50-C	PS569
	PS56D
	PS56H
	PS56M
	PS57B
TECRA C50-B	PSSG3
	PSSG6
	PSSG7
TECRA C50-C	PS561
	PS563
	PS565
TECRA Z40-B	PT454
	PT459
	PT45F
	PT45G
TECRA Z40-C	PT463

Infineon Chipset Version: SLB 9665 TPM 2.0 (Based on BIOS Versions)
Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v2.60	TPM FW Update Version 1.0.0.1
PORTEGE X30-D	PT272	FW 5.61	FW 5.62	BIOS-Download	TPMFW-Download Installation Insturctions
	PT274
TECRA X40-D	PT472
	PT474

Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v3.00	TPM FW Update Version 1.0.0.1
PORTEGE X20W-D	PRT12	FW 5.51	FW 5.62	BIOS-Download	TPMFW-Download Installation Instructions
	PRT12
	PRT13

Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v4.10	TPM FW Update Version 1.0.0.1
PORTEGE R30-D	PT381	FW 5.61	FW 5.62	BIOS-Download	TPMFW-Download Installation Instructions
	PT382
	PT383
	PT385
Satellite Pro A50-D	PS585
Satellite Pro R50-D	PS581
	PS582
	PS586
TECRA A40-D	PS481
	PS482
	PS483
	PS485
	PS486
TECRA A50-D	PS589
	PS58A
	PS58B
	PT583
TECRA Z50-D	PT581

Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v6.00	TPM FW Update Version 1.0.0.1
PORTEGE Z20t-C	PT16A	FW 5.50	FW 5.62	BIOS-Download	TPMFW-Download Installation Instructions
	PT16B
PORTEGE WT20-C	PT16C	FW 5.51
PORTEGE Z20t-C	PT16A
	PT16B

Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v6.40	TPM FW Update Version 1.0.0.1
PORTEGE Z30-C	PT261	FW 5.50	FW 5.62	BIOS-Download	TPMFW-Download Installation Instructions
	PT263
	PT265
TECRA Z40-C	PT461
	PT463
	PT465
PORTEGE Z30-C	PT261	FW 5.51
	PT263
	PT265
TECRA Z40-C	PT461
	PT463
	PT465

Model Name	Model	Affected Firmware	FW Version to Fix Issue	Required BIOS Version v8.10	TPM FW Update Version 1.0.0.1
PORTEGE R30-C	PT361	FW 5.50	FW 5.62	BIOS-Download	TPMFW-Download Installation Instructions
	PT363
	PT365
Satellite Pro A40-C	PS461
Satellite Pro A40-C	PS462
TECRA A40-C	PS463
TECRA A40-C	PS465
PORTEGE R30-C	PT361	FW 5.51
	PT363
	PT365
Satellite Pro A40-C	PS461
Satellite Pro A40-C	PS462
Satellite Pro A50-C	PS575
	PS57D
	PS57E
Satellite Pro R50-C	PS571
	PS572
	PS573
	PS576
TECRA A40-C	PS463
TECRA A40-C	PS465
TECRA A50-C	PS579
	PS57B
	PS57H
	PT571
	PT573
	PT577

Infineon Chipset Version: SLB 9665 TPM 2.0

Model Name

Model
Number

Affected
Firmware

FW Version
to Fix Issue

Target Available Date

Link to Firmware

Toshiba dynaEdge

POC11

FW 5.61

FW 5.62

Available

TPMFW-Download

Installation Insturctions

Infineon Chipset Version: SLB 9655 TPM 1.2
Model Name	Model Number	Affected Firmware	FW Version to Fix Issue	Target Available Date	Link to Firmware
PORTEGE R30-A	PT341	FW 4.32	FW 4.34	Available	TPMFW-Download Installation Insturctions
	PT343
	PT344
PORTEGE Z10t-A	PT141
PORTEGE Z10t-A	PT142
PORTEGE Z30-A	PT241
PORTEGE Z30-A	PT243
PORTEGE Z30t-A	PT24A
PORTEGE Z30t-A	PT24C
Satellite Pro A50-A	PT64N
Satellite Pro R50-B	PSSG0
	PSSG1
	PSSG4
	PSSG5
TECRA A50-A	PT641
	PT644
	PT645
	PT648
	PT64Q
TECRA C50-B	PSSG1
	PSSG4
	PSSG5
TECRA W50-A	PT640
TECRA Z40-A	PT444
	PT449
	PT44F
	PT44G
TECRA Z50-A	PT540
	PT544
	PT545
WT310	PT143
WT310	PT144

* The information in this document is subject to change without notice.
* "Infineon" is a trademark of Infineon Technologies in the U.S. and other countries.
* "Microsoft" is a trademark of Intel Microsoft, Inc. in the U.S. and other countries.
* Other names and brands may be claimed as the property of others.

Export Control and EULA

Use of any software made available for download from this system constitutes your acceptance of the Export Control Terms and the terms in the Dynabook end-user license agreement both of which you can view before downloading any such software.