Toshiba: Infineon TPMs, Security Feature Bypass Vulnerability

Infineon Technologies Trusted Platform Modules (TPMs), Security Feature Bypass Vulnerability

Document ID: 4015874
Posted Date: 2018-03-20
Last Updated: 2018-03-20

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Potential Security Impact: A security vulnerability exists in certain Trusted Platform Module (TPM) firmware. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. Toshiba is working closely with Infineon® to validate their fix and ensure it works across Toshiba’s range of products. Until firmware updates are available, it is recommended that people and companies using Toshiba PCs and devices that incorporate TPMs take steps to maintain the security of their systems and information.

Toshiba’s TPM Firmware Release Schedule:[…]
Source: Infineon® & Microsoft® Security TechCenter

https://support.toshiba.com/sscontent?contentId=4015874

new ChromeOS TPM security feature

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

https://chromeunboxed.com/news/tpm-update-chrome-os-how-to-chromebook

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/


INTEL-SA-00104 security advisory: Intel NUC and Infineon TPM

Intel® NUC Kit with Infineon Trusted Platform Module

Intel ID: INTEL-SA-00104
Product family: Intel® NUC Kit
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Jan 16, 2018
Last revised: Jan 16, 2018

Certain Intel® NUC systems contain an Infineon Trusted Platform Module (TPM) that has an information disclosure vulnerability as described in CVE-2017-15361.

Recently, a research team developed advanced mathematical methods to exploit the characteristics of acceleration algorithms for prime number finding, which are common practice today for RSA key generation. For more information please reference the public advisory issued by Infineon.

Intel highly recommends users make sure they have the appropriate Windows operating system patches to work around this vulnerability.

For customers that require a firmware upgrade please contact Intel Customer Support at https://www.intel.com/content/www/us/en/support.html for assistance.

All newly manufactured Intel® NUC systems that contain the Infineon TPM have been updated with the updated firmware from Infineon.


https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00104&languageid=en-fr


more on Infineon TPM issue

The UK gov guidance was also recently updated, so maybe worth a re-read:
https://www.ncsc.gov.uk/guidance/roca-infineon-tpm-and-secure-element-rsa-vulnerability-guidance

https://blog.cr.yp.to/20171105-infineon.html

https://blog.habets.se/2017/10/Is-my-TPM-affected-by-the-Infineon-disaster.html
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc

https://crocs.fi.muni.cz/public/papers/rsa_ccs17

http://mickitblog.blogspot.com/2017/10/infineon-tpm-vulnerability-report-using.html

http://www.thesccm.com/configmgr-query-infineon-firmware-tpm-microsoft-advisory-adv170012/

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Encryption chip flaw afflicts huge number of computers

https://dl.acm.org/citation.cfm?id=3133969

https://twitter.com/UXGaurav/status/923063487605043200

more on Infineon TPM issue

https://www.rsa.com/en-us/blog/2017-10/roca-blaming-infineon-is-the-easy-way-out

https://www.ncsc.gov.uk/guidance/roca-infineon-tpm-and-secure-element-rsa-vulnerability-guidance

https://lwn.net/Articles/736736/

https://lkml.org/lkml/2017/10/25/382

https://blog.rapid7.com/2017/10/25/roca-vulnerable-rsa-key-generation/

https://en.wikipedia.org/wiki/ROCA_vulnerability

http://www.cvedetails.com/cve/CVE-2017-15361/
http://www.securityfocus.com/bid/101484
https://www.cvedetails.com/bugtraq-bid/101484/Infineon-RSA-Library-CVE-2017-15361-Cryptographic-Security-B.html

https://secems.com/2017/10/25/vulnerability-in-code-library-permits-attackers-to-work-out-private-rsa-keys/

https://answers.microsoft.com/en-us/windows/forum/windows_10-update/windows-10-update-version-1703/f5fa72fe-3d59-45d4-a4c4-eb849774b657?auth=1


more on Infineon TPM issue

Simple PowerShell script to check whether a computer is using an Infineon TPM chip that is vulnerable to CVE-2017-15361.
https://github.com/lva/Infineon-CVE-2017-15361

Windows tool that analyzes your computer for Infineon TPM weak RSA keys (CVE-2017-15361)
https://github.com/jnpuskar/RocaCmTest

Infineon Embedded Linux TPM Toolbox 2 (ELTT2) for TPM 2.0
https://github.com/Infineon/eltt2

Google response:
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Toshiba response:
https://support.toshiba.com/sscontent?contentId=4015874

Lenovo response:
https://support.lenovo.com/us/en/product_security/len-15552

HPE response:
https://support.hp.com/us-en/document/c05792935

more on Infineon TPM issue (ROCA)

http://blog.ptsecurity.com/2017/10/a-major-flaw-in-popular-encryption.html

ROCA: Vulnerable RSA generation (CVE-2017-15361)

A newly discovered vulnerability in the generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, which are now commonplace. Assess your keys now with the provided offline and online detection tools and contact your vendor if you are affected. Major vendors including Microsoft, Google, HP, Lenovo and Fujitsu have already released software updates and guidelines for mitigation. Full details including the factorization method will be released in 2 weeks at the ACM CCS conference in the research paper ‘The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli’ (ROCA).

https://crocs.fi.muni.cz/public/papers/rsa_ccs17
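The ROCA site mentions offline detection tools without saying how they work. The following is an added example, written for this post and not the ROCA team's own detector or anything from the paper: it implements the published public-key fingerprint. Primes generated by the affected Infineon library have the form p = k·M + (65537^a mod M), where M is a product of small primes, so a modulus N = p·q has N mod r inside the multiplicative subgroup generated by 65537 for every small prime r dividing M. A normally generated key fails that test for at least one r with overwhelming probability. The prime list (3 through 167) is my recollection of the public detector's list and is an assumption; the ssh-rsa encoder/decoder is a convenience so the check can be run over an `authorized_keys` line, and the sample key in `main()` is constructed, not a real affected key. The script only classifies keys; it contains no factoring logic.

```python
import base64
import struct

# Small primes whose residues the fingerprint is checked against.
# Assumption: this matches the list used by the public ROCA detector.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537  # the public exponent whose powers shape the affected primes


def subgroup_generated_by(g, r):
    """Return the set {g^k mod r : k >= 0} for a prime r (never contains 0)."""
    members, x = set(), 1
    while x not in members:
        members.add(x)
        x = (x * g) % r
    return members


# Allowed residues per prime, computed once.
ALLOWED = {r: subgroup_generated_by(GENERATOR, r) for r in SMALL_PRIMES}


def failing_primes(n):
    """Primes r for which n mod r lies outside <65537>; empty means fingerprint matches."""
    return [r for r in SMALL_PRIMES if (n % r) not in ALLOWED[r]]


def roca_fingerprint(n):
    """True if modulus n matches the ROCA fingerprint for every small prime."""
    return not failing_primes(n)


# --- minimal ssh-rsa public key handling (RFC 4253 string/mpint framing) ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _mpint(x):
    # Positive mpint: add a leading zero byte when the top bit would be set.
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def encode_ssh_rsa(e, n):
    """Build an 'ssh-rsa <base64>' line from exponent and modulus (for constructed samples)."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def modulus_from_ssh_rsa(line):
    """Extract the RSA modulus from an authorized_keys-style 'ssh-rsa <base64> ...' line."""
    blob = base64.b64decode(line.split()[1])
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    return int.from_bytes(fields[2], "big")


def main():
    # Constructed sample: an integer carrying the affected residue structure
    # (65537^a mod M). It is NOT a real key, only a fingerprint demonstration.
    m = 1
    for r in SMALL_PRIMES:
        m *= r
    fingerprinted = pow(GENERATOR, 12345, m)
    line = encode_ssh_rsa(65537, fingerprinted)
    n = modulus_from_ssh_rsa(line)
    print("constructed sample matches fingerprint:", roca_fingerprint(n))
    # A modulus without the structure fails on at least one prime.
    print("2^2048+1 fails at primes:", failing_primes(2 ** 2048 + 1)[:3])


if __name__ == "__main__":
    main()
```

A match means the key should be treated as affected and re-generated on patched firmware; a non-match is strong evidence the key did not come from the vulnerable library.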


more on Infineon TPM issue

Re: the recent Infineon TPM problem, more and more downstream problems are being discovered. The main news presses have lots of stories on this now.


ChromeOS impact of Infineon TPM problem

More on: https://firmwaresecurity.com/2017/10/10/infineon-tpms-generating-weak-keys/

“You can check the TPM firmware running on your device by looking at the firmware_version line of the tpm_version entry in chrome://system. If the tpm_version entry is absent, this is likely because you are running an old Chrome OS version which doesn’t report this information. Upgrade to a newer version and check again.”

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update


Infineon TPMs generating weak keys?

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160

https://eesage.com/pages/103061850-tpm-update

ADV170012 | Vulnerability in TPM could allow Security Feature Bypass – A security vulnerability exists in certain Trusted Platform Module (TPM) chipsets. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. After you have installed software and/or firmware updates, you will need to re-enroll in any security services you are running to remediate those services.

Nice, Microsoft makes you agree to a EULA before you can view the web page. 😦

https://www.ghacks.net/2017/10/10/microsoft-security-updates-october-2017-release/


Using TPMs in embedded systems

Stefan Thom (Microsoft), Steve Hanna (Infineon), and Stacy Cannady (Cisco) have an article in Electronic Design on TPM use in embedded systems. If you are new to TPM, this is a nice introduction.

Standardizing Trust for Embedded Systems

It’s time to get more serious about the lack of security in embedded products. With recently developed standards, its implementation just got easier. If you haven’t been concerned about malicious players hacking into your products in the past, or haven’t found success with previous efforts, it’s time for renewed attention and action. Hacking efforts aren’t slowing and, in fact, are on the rise. These days, hackers can accomplish far more than ever before, and the repercussions are far more costly. […]

Full article:
http://electronicdesign.com/embedded/standardizing-trust-embedded-systems