Page 1 of 12 1 2 3 11 ... LastLast
Results 1 to 10 of 113
  1. #1
    ROG Guru: Yellow Belt Array lightknightrr PC Specs
    lightknightrr PC Specs
    MotherboardAsus Crosshair VI Hero WiFi
    ProcessorAMD Ryzen-7 1800X
    Memory (part number)F4-3200C14D-32GTZ
    Graphics Card #1Radeon Vega Frontier Edition
    Sound CardHT Omega eClaro
    MonitorSamsung 4K
    Storage #1Samsung NVMe SSD 960 PRO 1TB
    Storage #2Crucial MX200 1TB SSD
    CPU CoolerCorsair H115i
    CaseThermaltake Chaser Mk-1 (Modified)
    Power SupplyThermaltake Toughpower DPS G RGB 1500W Titanium
    Keyboard Corsair K95 RGB PLATINUM
    Mouse Corsair Scimitar Pro RGB
    Mouse Pad Corsair Gaming MM600 Dual Sided Aluminum Gaming Mouse Pad
    OS Windows 10 Pro 64-bit OEM
    Accessory #1 Firewire Expansion Card
    Accessory #2 Black Magic Intensity Pro 4K
    Accessory #3 Mailiya USB 3.0 5-Port Expansion Card
    lightknightrr's Avatar
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    144

    Question Asus / Infineon TPM firmware update?

    So, is Asus going to issue a firmware update for the Infineon TPM modules produced under its name, in light of the recently released security bulletin from our friends at Microsoft, or is this a case where we will have to so without, or buy entirely new modules?

    https://portal.msrc.microsoft.com/en...sory/ADV170012


    Infineon doesn't seem to be issuing the update to the masses, when it is available. It wants to do it through OEM channels, and Asus does qualify as an OEM (Original Equipment Manufacturer).

    https://www.infineon.com/cms/en/prod...?redirId=59160

  2. #2
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    "Firmware updates are available for Infineon`s Trusted Platform Modules (TPMs) based on TCG specification family 1.2 and 2.0 and will be rolled out to end users by device and OS manufacturers (e.g. hardware OEMs such as PC manufacturers)."

    The potential security vulnerability is correctable through motherboard/platform firmware updates. Which will rolled out to end users through the motherboard/platform manufacturers. So yes, ASUS will likely lump this security update, as needed, into their subsequent BIOS updates.

    Infineon might have produced the code fix (for their Infineon TPM parts) but they do not produce firmware for motherboards. The TPMs themselves cannot have their core firmware reflashed/updated, removable TPMs can be replaced, embedded TPMs stay soldered on board. And "the masses" aren't aware of TPMs anyhow, unless perhaps they run BitLocker, so Infineon leaves deployment of this fix to the "OEM channels" (motherboard and laptop manufacturers) "the masses" already know.

    Consumers who've obtained TPM-secured platforms through "other OEM channels" will have to update through those same "other OEM channels".

    It's all explained in the two links you provided.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  3. #3
    ROG Guru: Yellow Belt Array lightknightrr PC Specs
    lightknightrr PC Specs
    MotherboardAsus Crosshair VI Hero WiFi
    ProcessorAMD Ryzen-7 1800X
    Memory (part number)F4-3200C14D-32GTZ
    Graphics Card #1Radeon Vega Frontier Edition
    Sound CardHT Omega eClaro
    MonitorSamsung 4K
    Storage #1Samsung NVMe SSD 960 PRO 1TB
    Storage #2Crucial MX200 1TB SSD
    CPU CoolerCorsair H115i
    CaseThermaltake Chaser Mk-1 (Modified)
    Power SupplyThermaltake Toughpower DPS G RGB 1500W Titanium
    Keyboard Corsair K95 RGB PLATINUM
    Mouse Corsair Scimitar Pro RGB
    Mouse Pad Corsair Gaming MM600 Dual Sided Aluminum Gaming Mouse Pad
    OS Windows 10 Pro 64-bit OEM
    Accessory #1 Firewire Expansion Card
    Accessory #2 Black Magic Intensity Pro 4K
    Accessory #3 Mailiya USB 3.0 5-Port Expansion Card
    lightknightrr's Avatar
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    144

    Asus / Infineon TPM modules:

    https://www.amazon.com/Asus-Accessor...words=asus+tpm

    https://www.amazon.com/Asus-TPM-M-R2...words=asus+tpm

    And supposedly TPMs can be upgraded.

    BIOS update for firmware-based TPM sounds awesome (I'm using a TPM module), just a minor problem for other motherboards which don't have that option (like the KGPE-D16), and are reliant on TPM modules.

  4. #4
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    There's many different kinds of TPMs. The whole point is that they're unique and "unhackable" cryptomodules, "one-of-a-kind" keys which sometimes also contain part of the lock mechanism. The ones I'm familiar with cannot be reflashed, by design, so there's no chance their firmware can be compromised by an attacker. Other types exist and some of these might have flashable firmwares.

    The exact technical details of this exploit are not public. The summarized vulnerability metrics show that this is a pre-emptive "official fix" for a "highly confidential" "highly technical" "proof-of-concept" "low overall threat" network exploit. Specifically noted to not affect Windows Clients unless they run BitLocker, and already corrected by Microsoft in all affected consumer Windows versions except Win7 (which still needs the firmware security update). It's basically not a consumer issue and primarily affects only HP, Lenovo, Fujitsu, and WinMagic enterprise products - unless, as a consumer, you obtained an Infineon TPM meant to be deployed in these specific enterprise platforms.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  5. #5
    ROG Guru: Yellow Belt Array lightknightrr PC Specs
    lightknightrr PC Specs
    MotherboardAsus Crosshair VI Hero WiFi
    ProcessorAMD Ryzen-7 1800X
    Memory (part number)F4-3200C14D-32GTZ
    Graphics Card #1Radeon Vega Frontier Edition
    Sound CardHT Omega eClaro
    MonitorSamsung 4K
    Storage #1Samsung NVMe SSD 960 PRO 1TB
    Storage #2Crucial MX200 1TB SSD
    CPU CoolerCorsair H115i
    CaseThermaltake Chaser Mk-1 (Modified)
    Power SupplyThermaltake Toughpower DPS G RGB 1500W Titanium
    Keyboard Corsair K95 RGB PLATINUM
    Mouse Corsair Scimitar Pro RGB
    Mouse Pad Corsair Gaming MM600 Dual Sided Aluminum Gaming Mouse Pad
    OS Windows 10 Pro 64-bit OEM
    Accessory #1 Firewire Expansion Card
    Accessory #2 Black Magic Intensity Pro 4K
    Accessory #3 Mailiya USB 3.0 5-Port Expansion Card
    lightknightrr's Avatar
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    144

    Fair enough.

  6. #6
    New ROGer Array
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    8

    +1
    same here, absolutely, we need a TPM firmware upgrade for discrete TPMs

  7. #7
    New ROGer Array
    Join Date
    Oct 2017
    Reputation
    10
    Posts
    3

    Asus firmware update needed

    Quote Originally Posted by Korth View Post
    There's many different kinds of TPMs. The whole point is that they're unique and "unhackable" cryptomodules, "one-of-a-kind" keys which sometimes also contain part of the lock mechanism. The ones I'm familiar with cannot be reflashed, by design, so there's no chance their firmware can be compromised by an attacker. Other types exist and some of these might have flashable firmwares.

    The exact technical details of this exploit are not public. The summarized vulnerability metrics show that this is a pre-emptive "official fix" for a "highly confidential" "highly technical" "proof-of-concept" "low overall threat" network exploit. Specifically noted to not affect Windows Clients unless they run BitLocker, and already corrected by Microsoft in all affected consumer Windows versions except Win7 (which still needs the firmware security update). It's basically not a consumer issue and primarily affects only HP, Lenovo, Fujitsu, and WinMagic enterprise products - unless, as a consumer, you obtained an Infineon TPM meant to be deployed in these specific enterprise platforms.
    This is partly accurate, but I'm not sure you understand the group of affected users here. As the OP showed above, ASUS manufactures TPMs that are vulnerable to this exploit. HP, Lenovo, Fujitsu, etc aren't the only affected platforms, they are just the manufacturers who have acknowledged the vulnerability and are working on updating their firmware with Infineon's fix. It's not accurate to say that this isn't a consumer issue, and these TPMs are certainly not only meant to be deployed in those specific enterprise platforms. Microsoft has a workaround in place, but it's not a fix. ASUS needs to update the firmware on their motherboards with TPM slots to address this.

  8. #8
    New ROGer Array
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    8

    Quote Originally Posted by CodeSlicer View Post
    This is partly accurate, but I'm not sure you understand the group of affected users here. As the OP showed above, ASUS manufactures TPMs that are vulnerable to this exploit. HP, Lenovo, Fujitsu, etc aren't the only affected platforms, they are just the manufacturers who have acknowledged the vulnerability and are working on updating their firmware with Infineon's fix. It's not accurate to say that this isn't a consumer issue, and these TPMs are certainly not only meant to be deployed in those specific enterprise platforms. Microsoft has a workaround in place, but it's not a fix. ASUS needs to update the firmware on their motherboards with TPM slots to address this.
    Absolutely.

    Any TPM user, use TPM for security reasons, so security is pretty important. Whether businesses or home users. We talked about a vulnerability that broke the very utility of the TPM module. Asus update its obligatory.

  9. #9
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    @CodeSlicer, @Theliel -

    I suppose I should agree, lol. As long as ASUS still maintains warranty on motherboards which use these TPMs they should provide active support for the latest TPM security updates. But updating EOL ASUS motherboards would be optional, not required.

    That being said, ASUS may elect not to do so unless they consider potential liability issues too risky or too costly.

    Proof-of-concept hack vs my TPM, proof-of-concept hack vs my IME, in-the-wild hack vs my WiFi, another nasty broken new Windows build ... what an insecure world, lol.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  10. #10
    New ROGer Array
    Join Date
    Jan 2017
    Reputation
    10
    Posts
    8

    Quote Originally Posted by Korth View Post
    @CodeSlicer, @Theliel -

    I suppose I should agree, lol. As long as ASUS still maintains warranty on motherboards which use these TPMs they should provide active support for the latest TPM security updates. But updating EOL ASUS motherboards would be optional, not required.

    That being said, ASUS may elect not to do so unless they consider potential liability issues too risky or too costly.

    Proof-of-concept hack vs my TPM, proof-of-concept hack vs my IME, in-the-wild hack vs my WiFi, another nasty broken new Windows build ... what an insecure world, lol.
    Yes... some bad "times" for security... at least, IME was already solvied, and WPA2 too (for some/many vendors).

    I do not know to it would be viable for ASUS to upgrade all motherboards with dTPM modules, but it really should not be complicated. If I remember well, ASUS only has 3-4 different TPM modules, and in principle there should be no problems in launching a tool to update only the TPM Modules themselves, without the need for a Bios Update. So in theory, maybe we can see a "generic" tool or couple of them, to update affected dTPM

Page 1 of 12 1 2 3 11 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •