Page 3 of 12 FirstFirst 1 2 3 4 5 ... LastLast
Results 21 to 30 of 113
  1. #21
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    9

    Asus TPM-M R2.0 (14-1 pin chip) is a consumer problem

    I have more than one of these chips and I tried to install one recently after October16, 2017 into a Rampage V Edition 10 (UEFI 1709). Windows 10 (v1709 Build 16299.19) reports a security error and will not allow the module to run (see attached screen shot). Microsoft has published Security Alert (ADV1700012) with a workaround but if the module is being installed for the first time Windows will not allow the TPM to be setup (grayed out option in Windows Snap-in module).
    The consumer problem comes when Windows Hello is attempted to be activated, since it requires a functional TPM.
    I am hoping for a firmware fix for the module, but as mentioned above, I believe that the TPM is designed to not be modified. If this is true, my only hope is to replace the module. Since this is an Asus product (though apparently derived from INFINEON -- IFX Version 5.51.2098.0. Specification Version 2.0) on an Asus motherboard I would expect that Asus would fix the problem, or offer the customer the ability to get a module that works.
    With the problem inhibiting Windows Hello from working, this is going to be a big consumer problem as people attempt to use biometric authorization.
    Miniatura de Adjuntos Miniatura de Adjuntos TPM error.JPG  

    Last edited by Charlie Woken; 11-09-2017 at 03:16 PM.

  2. #22
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    9

    Replacement for Asus 14-1 pin module.

    In the event that Asus does not issue a firmware update for their TPM-M R2.0 (14-1 pin chip) does anyone know of a compatible pin TPM that can be substituted, that doesn’t suffer from the coding problem created by Infineon?

  3. #23
    ROG Guru: Yellow Belt Array unknownmiscreant PC Specs
    unknownmiscreant PC Specs
    Laptop (Model)Dell E430s (i7)
    MotherboardCrosshair VI Hero
    ProcessorRyzen 7 1700X
    Memory (part number)F4-3200C14D-16GFX (Currently clocked 3466MHz)
    Graphics Card #1EVGA GTX1070 FTW
    Sound CardAsus Strix Soar
    Monitor2x Dell U2412M
    Storage #1Intel 540s
    Storage #2Intel 520
    CPU CoolerEK Supremacy Evo
    CaseCorsair 460x
    Power SupplyEVGA 850 G2
    Keyboard Logitech G610 Cherry MX Brown
    Mouse Logitech G502
    Mouse Pad Logitech G640
    Headset/Speakers Custom built sound system
    OS Win 10
    Network RouterNetgear Nighthawk

    Join Date
    Jul 2017
    Reputation
    10
    Posts
    180

    I do wonder why no-one has tried to hardware flash their TPM. Maybe thats not possible, I don't know.

  4. #24
    ROG Guru: Black Belt Array Korth PC Specs
    Korth PC Specs
    MotherboardASUS X99 R5E (BIOS2101/1902)
    ProcessorHaswell-EP E5-1680-3 SR20H/R2 (4.4GHz)
    Memory (part number)Vengeance LPX 4x8GB SS DDR4-3000 (CMK32GX4M4C3000C15)
    Graphics Card #1NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Graphics Card #2NVIDIA Quadro GP100GL/16GB, 16xPCIe3, NVLink1 (SLI-HB)
    Sound CardJDS Labs O2+ODAC (RevB), USB2 UAC1
    MonitorASUS PG278Q
    Storage #1Samsung 850 PRO 512GB SSDs, 4xSATA3 RAID0
    Storage #2Comay BladeDrive E28 3200GB SSD, 8xPCIe2
    CPU CoolerRaijintek NEMESIS/TISIS, AS5, 2xNH-A14
    CaseObsidian 750D (original), 6xNH-A14
    Power SupplyZalman/FSP ZM1250 Platinum
    Headset Pilot P51 PTT *modded*
    OS Arch, Gentoo, Win7x64, Win10x64
    Network RouterActiontec T3200M VDSL2 Gateway
    Accessory #1 TP-Link AC1900 Archer T9E, 1xPCIe
    Accessory #2 ASUS/Infineon SLB9635 TPM (TT1.2/FW3.19)
    Accessory #3 ASUS OC Panel I (FW0501)
    Korth's Avatar
    Join Date
    Mar 2015
    Reputation
    152
    Posts
    2,719

    TPM firmwares are deliberately designed to be "impossible" for consumers to flash. To secure their locally-stored (password/key) data, to protect their proprietary "black box" cryptosecurity from reverse-engineering or hacking/exploiting attempts, to prevent tampering with firmcode integrity in running parts, and to prevent "re-marking" or duplication or spoofing of parts distributed outside OEM-controlled channels. They are designed to be upgraded only by replacing the hardware module.

    Although TPMs have been analyzed and hacked and exploited and spoofed before, but doing so requires expert technical knowledge and a whole lot of dedication, lol.
    "All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

    [/Korth]

  5. #25
    ROG Guru: Yellow Belt Array unknownmiscreant PC Specs
    unknownmiscreant PC Specs
    Laptop (Model)Dell E430s (i7)
    MotherboardCrosshair VI Hero
    ProcessorRyzen 7 1700X
    Memory (part number)F4-3200C14D-16GFX (Currently clocked 3466MHz)
    Graphics Card #1EVGA GTX1070 FTW
    Sound CardAsus Strix Soar
    Monitor2x Dell U2412M
    Storage #1Intel 540s
    Storage #2Intel 520
    CPU CoolerEK Supremacy Evo
    CaseCorsair 460x
    Power SupplyEVGA 850 G2
    Keyboard Logitech G610 Cherry MX Brown
    Mouse Logitech G502
    Mouse Pad Logitech G640
    Headset/Speakers Custom built sound system
    OS Win 10
    Network RouterNetgear Nighthawk

    Join Date
    Jul 2017
    Reputation
    10
    Posts
    180

    Yeah, that makes sense. If it was easy to flash TPMs they would become somewhat pointless, lol. I guess we are stuck waiting for Asus to get off their backsides.

  6. #26
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    9

    ASUS is denying they have responsibility to fix TPM

    Ticket response form Asus Customer Support:
    Thank you for reaching out to Asus customer Support. We would like to extend our sincerest apology for all the inconveniences that you might have experience with your ASUS product.
    • For Win10 with Infineon TPM 2.0, we already solved TPM vulnerability problem. The customer can update the patch fix automatically through Win10 system.

    My response to Ticket:

    The Microsoft “patch” according to Microsoft (ADV170012): …Windows update is not a true replacement for fixing the firmware flaw it can be used as a temporary mitigation.”
    In my case the module will not load at all since it has been installed after the Windows patch was released (End of October—installation). The Windows patch blocks the software workaround.
    I have contacted Infineon and they said: “the update should be conducted by the PC manufacturer i.e. ASUS.”
    If Asus is unwilling or unable to fix the TPM sold under its name please advise me how and where I can get a module that works correctly (new?), even if it is at my expense.
    Asus does not seem to understand the scope of this problem and the importance of security. For the want of one small part entire — systems are rendered useless, and critical commerce transactions need to be transferred to other platforms.

  7. #27
    New ROGer Array Lugusto PC Specs
    Lugusto PC Specs
    MotherboardASUS Z170I PRO GAMING
    ProcessorIntel Core i7-6700K
    Memory (part number)Corsair CMK32GX4M2B3000C15
    Graphics Card #1EVGA GeForce GTX 980 Ti
    Storage #1Samsung 960 EVO 250GB M.2 SSD
    Storage #2Seagate BarraCuda 4TB 3.5"
    CPU CoolerCorsair Hydro H80i GT
    CaseSilverStone Sugo SST-SG13B-Q
    Power SupplySilverStone SST-ST85F-GS
    OS Windows 10 Pro x64

    Join Date
    Oct 2017
    Reputation
    10
    Posts
    9

    Quote Originally Posted by Charlie Woken View Post
    Ticket response form Asus Customer Support:
    Thank you for reaching out to Asus customer Support. We would like to extend our sincerest apology for all the inconveniences that you might have experience with your ASUS product.
    • For Win10 with Infineon TPM 2.0, we already solved TPM vulnerability problem. The customer can update the patch fix automatically through Win10 system.

    My response to Ticket:

    The Microsoft “patch” according to Microsoft (ADV170012): …Windows update is not a true replacement for fixing the firmware flaw it can be used as a temporary mitigation.”
    In my case the module will not load at all since it has been installed after the Windows patch was released (End of October—installation). The Windows patch blocks the software workaround.
    I have contacted Infineon and they said: “the update should be conducted by the PC manufacturer i.e. ASUS.”
    If Asus is unwilling or unable to fix the TPM sold under its name please advise me how and where I can get a module that works correctly (new?), even if it is at my expense.
    Asus does not seem to understand the scope of this problem and the importance of security. For the want of one small part entire — systems are rendered useless, and critical commerce transactions need to be transferred to other platforms.
    You're completely right, the first-line support representatives aren't aware of the technical detail, the difference is we are, obviously causing us collective frustraton.

    Direct from the Microsoft advisory page, regarding the mitigation and detection update for Windows:
    • Addresses the vulnerability by preventing the generation of weak keys by the TPM hardware. New keys are generated using a software algorithm. Microsoft recommends that customers running systems that use affected TPM chipsets install the Windows security update as an interim measure until a firmware update is available from the system manufacturer.
    • Generates event log entries when a vulnerable TPM is detected.
    • Does NOT reduce BitLocker risk.

    Ahem... does NOT reduce risk...

  8. #28
    ROG Guru: Yellow Belt Array unknownmiscreant PC Specs
    unknownmiscreant PC Specs
    Laptop (Model)Dell E430s (i7)
    MotherboardCrosshair VI Hero
    ProcessorRyzen 7 1700X
    Memory (part number)F4-3200C14D-16GFX (Currently clocked 3466MHz)
    Graphics Card #1EVGA GTX1070 FTW
    Sound CardAsus Strix Soar
    Monitor2x Dell U2412M
    Storage #1Intel 540s
    Storage #2Intel 520
    CPU CoolerEK Supremacy Evo
    CaseCorsair 460x
    Power SupplyEVGA 850 G2
    Keyboard Logitech G610 Cherry MX Brown
    Mouse Logitech G502
    Mouse Pad Logitech G640
    Headset/Speakers Custom built sound system
    OS Win 10
    Network RouterNetgear Nighthawk

    Join Date
    Jul 2017
    Reputation
    10
    Posts
    180

    I got sent this in response to my ticket:

    "I would first like to apologise for any inconvenience that this issue has caused. After reviewing your email, the below information should assist in resolving your issue.

    Unfortunately, no confirmation/information to if there will be a release update firmware update for the TPM. "

    Seems a bit contradictory...

    The first line support representatives are useless. Even when I reported an issue that supposedly made it back to the 'Asus Research and Development Team" I was informed about this via the global support department informing the first line representative. By the time someone is reporting issues with as much detail as I did, why did I have to rewrite the info that I submitted in the initial ticket into a form to get an 'engineer' to look into the issue. What would've been wrong with letting me talk directly to someone useful rather than spending 10 mins faffing around with copying info into a form so a service representative could glance at it and forward it on to someone else.

    IMO the Asus support line is setup to handle non-issues from the technologically inept, rather than repeatable issues which often turn out to be bugs in the hardware/software or a product.

  9. #29
    ROG Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    9

    TPM-M R2.0 (14-1 pin chip) Not removable.

    If you have read my comments above you know that I have installed this TPM late in October and am not able to set the TPM up (Prepare the TPM). I have now tried to remove the TPM from the computer with little success.
    I go to the UEFI and turn the module off, reboot and verify that the UEFI shows that the TPM is disabled. Then turn the computer off at power supply and remove the TPM. After this step the TPM does not show up in the UEFI. From this point the computer will boot into Windows 10 and appears to work. The TPM no longer shows up in the Windows Snap in Management Console. I thought this solved the problem but when I go to shut down the Windows session, Windows attempts to shut down but comes back on to the log in screen asking for a password. If I try to shut down from the log in screen it says that other users are on the computer and they will lose data if shut down—I shut down anyway and the computer boots into the long in screen again. This cycle repeats over and over again. The only way to shut the computer down is to cut power at the power supply (PSU). When the TPM was reinstalled the endless cycle problem stopped, but now when I close all windows at the end of a session and shut down, when I start the computer up again some windows that were closed are open.
    The next step I tried was to install an image backup that was recorded prior to the Windows TPM patch. When the image was made the computer did not have the TPM in it and when I tried the restore the TPM hand been removed. The result of attempting an image restore was that Windows located the proper image file but it would not run stating that the “Bios” was not correct? I don’t understand since the computer has a UEFI – has the TPM somehow locked the hardware?
    Has anyone experienced these problems?
    1) Has anyone successfully removed a TPM?
    2) Has anyone attempted to restore an image?
    These are a lot of questions and since Asus will not help -- any bit of information you might have is greatly appreciated.

  10. #30
    New ROGer Array
    Join Date
    Oct 2017
    Reputation
    10
    Posts
    3

    Quote Originally Posted by Charlie Woken View Post
    If you have read my comments above you know that I have installed this TPM late in October and am not able to set the TPM up (Prepare the TPM). I have now tried to remove the TPM from the computer with little success.
    I go to the UEFI and turn the module off, reboot and verify that the UEFI shows that the TPM is disabled. Then turn the computer off at power supply and remove the TPM. After this step the TPM does not show up in the UEFI. From this point the computer will boot into Windows 10 and appears to work. The TPM no longer shows up in the Windows Snap in Management Console. I thought this solved the problem but when I go to shut down the Windows session, Windows attempts to shut down but comes back on to the log in screen asking for a password. If I try to shut down from the log in screen it says that other users are on the computer and they will lose data if shut down—I shut down anyway and the computer boots into the long in screen again. This cycle repeats over and over again. The only way to shut the computer down is to cut power at the power supply (PSU). When the TPM was reinstalled the endless cycle problem stopped, but now when I close all windows at the end of a session and shut down, when I start the computer up again some windows that were closed are open.
    The next step I tried was to install an image backup that was recorded prior to the Windows TPM patch. When the image was made the computer did not have the TPM in it and when I tried the restore the TPM hand been removed. The result of attempting an image restore was that Windows located the proper image file but it would not run stating that the “Bios” was not correct? I don’t understand since the computer has a UEFI – has the TPM somehow locked the hardware?
    Has anyone experienced these problems?
    1) Has anyone successfully removed a TPM?
    2) Has anyone attempted to restore an image?
    These are a lot of questions and since Asus will not help -- any bit of information you might have is greatly appreciated.
    Hey Charlie,
    You appear to have a number of issues going on here. This is also kinda diverging from the OP's topic but I'll give you some info here for now.
    First, the screenshot you posted initially stated that the TPM was ready for use. That's probably why "Prepare this TPM" was greyed out--it was already prepared. The vulnerability issue reduces the effectiveness of the security, but it doesn't actually render the chip unusable.
    No idea what would be causing the shutdown issues you're describing, but the image restoration error sounds like you're either trying to restore an image of a system that was created under BIOS while booted into UEFI, or vice-versa.
    My suggestion would be to put your TPM chip back in and reactivate it; your initial state appeared to be fine... did you actually run into an error with Windows Hello or just expected one?

Page 3 of 12 FirstFirst 1 2 3 4 5 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •