Results 1 to 8 of 8
  1. #1
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    TPM2.0 FW 5.63.3144.0 reported as vulnerable in windows 10.

    I am having issues with my TPM not working in windows 10 19613
    It seems the FW in the TPM has been marked vulnerable by Microsoft.
    I see no later update on the FW page.

    Is there a later FW available?

    Here is the relevant output:

    -TPM Has Vulnerable Firmware: True
    -TPM Firmware Vulnerability: 0x00000004
    TPM2_ActivateCredential - spurious TPM_RC_BINDING error

    Code:
    S C:\WINDOWS\system32> tpmtool getdeviceinformation
    
    -TPM Present: True
    -TPM Version: 2.0
    -TPM Manufacturer ID: IFX
    -TPM Manufacturer Full Name: Infineon
    -TPM Manufacturer Version: 5.63.3144.0
    -PPI Version: 1.3
    -Is Initialized: True
    -Ready For Storage: True
    -Ready For Attestation: False
    -Information Flags Description:
            INFORMATION_ATTESTATION_VULNERABILITY
    -Is Capable For Attestation: True
    -Clear Needed To Recover: False
    -Clear Possible: True
    -TPM Has Vulnerable Firmware: True
    -TPM Firmware Vulnerability: 0x00000004
                    TPM2_ActivateCredential - spurious TPM_RC_BINDING error
    
    -PCR7 Binding State: 2
    -Maintenance Task Complete: True
    -TPM Spec Version: 1.16
    -TPM Errata Date: Wednesday, September 21, 2016
    -PC Client Version: 1.00
    -Is Locked Out: False

  2. #2
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    Am i wrong to expect someone from Asus to comment on this?
    This is causing significant headaches for me with things that use TPM (like windows hello for business, synchronizing edge settings in azure ad, etc).
    Last edited by scyto; 05-14-2020 at 05:14 AM. Reason: more info

  3. #3
    ROG Guru: Orange Belt Array Jesseinsf PC Specs
    Jesseinsf PC Specs
    MotherboardASUS ROG Maximus XI Extreme (Z390)
    ProcessorIntel Core i9 9900K
    Memory (part number)Corsair CMW128GX4M4E3200C16 - 128GB (4x32)
    Graphics Card #1NVIDIA - GeForce RTX 3080 Ti Founders Edition
    Sound CardOnboard TOSLINK to powered speakers
    MonitorMSI Creator PS321URV (32 in 4k HDR600)
    Storage #1Samsung 980 Pro M.2 PCIe SSD 1TB
    Storage #2Samsung 970 Pro M.2 PCIe SSD 1TB
    CPU CoolerASUS ROG Strix LC II 360 AIO (3x LIAN LI UNI FAN SL INFINITY 120)
    CaseLian Li PC-011 Dynamic XL Black (ROG Certified)
    Power SupplySeasonic - PRIME TX-1000 (80+ Titanium) - New version that doesn't trip from transient spikes
    Keyboard RAZER HUNTSMAN ELITE - LINEAR OPTICAL SWITCH (Red) w/ PBT Keycaps
    Mouse Razer Basilisk Ultimate with Charging Dock
    Headset Bowers and Wilkins P9 Signature
    Mouse Pad LOFTMAT (16x13 inch) Cushioned Gaming Mat - "The Gaming Slim"
    Headset/Speakers Vanatoo Transparent One Encore with Rel HT/1003 Subwoofer
    OS Windows 11 Pro for Workstations 64-bit
    Network RouterRAXE500 — Nighthawk AX12 12-Stream AXE11000 Tri-Band Wi-Fi 6E Router
    Accessory #1 Microsoft Xbox Elite Wireless Controller Series 2
    Accessory #2 2x Logitech BRIO ULTRA HD PRO WEBCAM
    Accessory #3 10 LIAN LI UNI FAN SL INFINITY 120 (Includes AIO fans)
    Jesseinsf's Avatar
    Join Date
    Mar 2019
    Reputation
    72
    Posts
    425

    Quote Originally Posted by scyto View Post
    Am i wrong to expect someone from Asus to comment on this?
    This is causing significant headaches for me with things that use TPM (like windows hello for business, synchronizing edge settings in azure ad, etc).
    Most likely because you have installed a "Windows Insiders" Fast Ring build. There is bound to be lots of bugs in the fast ring. The slow ring and release preview ring are using the Windows version that will be released at the end of the month or early next month. I would re-image your PC and switch to the release preview ring. Oh, and don't forget to add this feedback in the Windows Insiders feedback hub.
    Last edited by Jesseinsf; 05-14-2020 at 08:31 AM.

  4. #4
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    Quote Originally Posted by Jesseinsf View Post
    Most likely because you have installed a "Windows Insiders" Fast Ring build. There is bound to be lots of bugs in the fast ring. The slow ring and release preview ring are using the Windows version that will be released at the end of the month or early next month. I would re-image your PC and switch to the release preview ring. Oh, and don't forget to add this feedback in the Windows Insiders feedback hub.
    Yes already submitted to insider hub
    To be clear the firmware is vulnerable error also is present on release build.

    I don't know if the attestation error is on released builds, would need to install on another HDD.
    Might do it weekend and see.

    Irrespective of that is Asus are a Microsoft partner and should also be verifying builds at least with smoke tests - that the whole freaking point of the insider builds.... not to mention the private builds they have access to.

  5. #5
    ROG Guru: Orange Belt Array Jesseinsf PC Specs
    Jesseinsf PC Specs
    MotherboardASUS ROG Maximus XI Extreme (Z390)
    ProcessorIntel Core i9 9900K
    Memory (part number)Corsair CMW128GX4M4E3200C16 - 128GB (4x32)
    Graphics Card #1NVIDIA - GeForce RTX 3080 Ti Founders Edition
    Sound CardOnboard TOSLINK to powered speakers
    MonitorMSI Creator PS321URV (32 in 4k HDR600)
    Storage #1Samsung 980 Pro M.2 PCIe SSD 1TB
    Storage #2Samsung 970 Pro M.2 PCIe SSD 1TB
    CPU CoolerASUS ROG Strix LC II 360 AIO (3x LIAN LI UNI FAN SL INFINITY 120)
    CaseLian Li PC-011 Dynamic XL Black (ROG Certified)
    Power SupplySeasonic - PRIME TX-1000 (80+ Titanium) - New version that doesn't trip from transient spikes
    Keyboard RAZER HUNTSMAN ELITE - LINEAR OPTICAL SWITCH (Red) w/ PBT Keycaps
    Mouse Razer Basilisk Ultimate with Charging Dock
    Headset Bowers and Wilkins P9 Signature
    Mouse Pad LOFTMAT (16x13 inch) Cushioned Gaming Mat - "The Gaming Slim"
    Headset/Speakers Vanatoo Transparent One Encore with Rel HT/1003 Subwoofer
    OS Windows 11 Pro for Workstations 64-bit
    Network RouterRAXE500 — Nighthawk AX12 12-Stream AXE11000 Tri-Band Wi-Fi 6E Router
    Accessory #1 Microsoft Xbox Elite Wireless Controller Series 2
    Accessory #2 2x Logitech BRIO ULTRA HD PRO WEBCAM
    Accessory #3 10 LIAN LI UNI FAN SL INFINITY 120 (Includes AIO fans)
    Jesseinsf's Avatar
    Join Date
    Mar 2019
    Reputation
    72
    Posts
    425

    Quote Originally Posted by scyto View Post
    Yes already submitted to insider hub
    To be clear the firmware is vulnerable error also is present on release build.

    I don't know if the attestation error is on released builds, would need to install on another HDD.
    Might do it weekend and see.

    Irrespective of that is Asus are a Microsoft partner and should also be verifying builds at least with smoke tests - that the whole freaking point of the insider builds.... not to mention the private builds they have access to.
    I use to work at a large corporation and their new dell PCs and laptops had to have a TPM firmware update for a similar issue. Have you looked in to that?

  6. #6
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    Thanks, all my machines have latest firmwares, not sure why I am seeing similar messages on other machines given the resolution below.

    Rather than rebuild the machine I used the following to install a second copy of Windows 10 but using build 1903.
    • Created a windows to go install on SSD in USB enclosure

    • Joined it to my Azure AD WhFB enabled domain, registration succeeded

    • Realized while it does bitlocker on WTG it doesn't do attestation - oops and says the TPM is unavailable

    • Converted drive to normal boot drive (used tool, took a few seconds)

    • Plugged it into SATA port and changed BIOS boot order


    Booting this way resolved all issues, you are indeed correct this is entirely a fast ring issue.

    The key here is to make sure this issue doesn't progress into final builds - to date there has been no response from MS on hub or reddit (trying technet forum next).

    This seems to be particularly problematic with the ASUS board, the surface books running the same build and same infineon chip report the same errors but do not have the broken functionality issues.

    Also its a really weird bug that different machines (with different TPMs) would report different and highly specific known flaws via tpmtool. This is either one of the weirdest bugs i have seen or there is a set of undisclosed vulnerabilities that this build is detecting for... only time will tell :-)

    thanks so much for your help, pointing me in the right direction and reminding me not to put so much faith in insider fast builds - which tbh i found to be surprisingly darn robust over last 3 years+.

    Next text, change the 1903 build to slow ring and see if this is just fast ring or issue in the entire dev branch.
    Last edited by scyto; 05-15-2020 at 04:11 PM. Reason: typo in list

  7. #7
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    last attempt to get a confirmation from MS this is a known bug
    https://social.technet.microsoft.com...InsiderPreview

  8. #8
    ROG Member Array
    Join Date
    Nov 2018
    Reputation
    10
    Posts
    8

    one last question

    have you ever used the 'firmware tpm' instead of the 'discrete tpm' - there is a toggle between the two in the BIOS....

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •