Infineon Technologies Trusted Platform Modules (TPM v1.2), Security Feature Bypass Vulnerability Installation Procedure (Win7/Win10)



Document ID: 4015880

 

Posted Date: 2017-10-25

 

Last Updated: 2017-10-25

 

Distribution: View Public Website

 

Issue

 

The purpose of this software is to update the firmware of Infineon Technologies Trusted Platform Module v1.2.

 

Procedure

 

Updating TPM via Windows 7

WARNING

Before starting this update, it is strongly recommended that you back up your computer.

If you are required to clear the TPM owner, the TPM will be reset to factory defaults, and the keys it created, together with any data protected by those keys, will be lost.

 

To run the TPM Firmware update tool, administrative privileges are required.

  1. If you have the TPM Owner Password or the TPM Owner Password Backup File, proceed to 3.
  2. If neither the TPM Owner Password nor the TPM Owner Password Backup File can be found, you will need to initialize the TPM Owner Password using the steps below.
    1. To initialize the TPM Owner Password, shut down the computer, then turn it on while pressing F2 to enter the BIOS Setup Menu.
    2. Choose “Clear TPM Owner” from “Security” menu, then choose “Setup Default [F9]”, save and restart the computer.
    3. Run “tpm.msc” from Start Menu.  (Type “tpm.msc” at “Search programs and files”.) 
      1. “Trusted Platform Module (TPM) Management on Local Computer” appears.
    4. Choose “Initialize TPM…” from “Actions”.
    5. Choose “Restart” to restart the computer.
    6. Choose how to create the TPM Owner Password. 
      1. Usually, choose “Automatically create the password (recommended)”.
    7. Choose “Save the password...” and choose a location to save the TPM Owner Password.
      1. USB memory is recommended.
    8. After saving or printing the password, the “Initialize” button becomes active.
      1. Choose “Initialize” to start TPM initialization.
  3. Right click IFXTPMUpdate_TPM12_v0443.exe; choose “Run as administrator”.
  4. Check “Accept the terms of this license agreement”, and choose “Next”.
    1. If the AC adapter is not plugged in, a message will appear asking you to plug in the AC adapter and choose “Back” to return to the previous screen.
  5. Check platform details and choose “Next”.
  6. Provide the Owner Password. 
    1. If you have an Owner Password file, choose “I have the Owner Password Backup File” and specify the file location by pressing “Browse...”.
  7. Choose “Update” to start the firmware update.

 

WARNING

On Windows 7, the firmware update may take up to 10 minutes.  Do NOT turn off the computer until the update completes.

 

Updating TPM via Windows 10

WARNING

Before starting this update, it is strongly recommended that you back up your computer.

If you are required to clear the TPM owner, the TPM will be reset to factory defaults, and the keys it created, together with any data protected by those keys, will be lost.

 

To run the TPM Firmware update tool, administrative privileges are required.

  1. If you have the TPM Owner Password or the TPM Owner Password Backup File, proceed to 3.
  2. If neither the TPM Owner Password nor the TPM Owner Password Backup File can be found, you will need to initialize the TPM Owner Password.
    1. Run “regedit” from Start Menu.  (Type “regedit” at “Search programs and files”.) 
      1. “Registry Editor” appears.
    2. Confirm the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM] OSManagedAuthLevel, and record the original key data.
      1. Choose “Edit” – “Find…”.
    3. Type “OSManagedAuthLevel” at “Find what”, then press “Find Next”. 
    4. Confirm that the upper text shows “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM” and the lower left text shows “OSManagedAuthLevel”, and take a note of the data.
    5. After updating the firmware, this registry key must be restored, so be sure to take a note of the data.
    6. Double click “OSManagedAuthLevel”.  
    7. Change “Value data” to 4, and press “OK”.
    8. Run “tpm.msc” from Start Menu, and choose “Clear TPM…” from “Actions”.
  3. The screen below appears.  Choose “Restart” to restart the computer.
  4. After the restart, a BIOS warning message may appear.  Press [F11] to clear the TPM and proceed.
  5. Right click IFXTPMUpdate_TPM12_v0443.exe; choose “Run as administrator”.
  6. Check “Accept the terms of this license agreement”, and choose “Next”.
    1. If the AC adapter is not plugged in, a message will appear asking you to plug in the AC adapter and choose “Back” to return to the previous screen.
  7. Check platform details and choose “Next”.
  8. Provide the Owner Password if requested.  If the request does not appear, skip to 14.
    1. If you have the Owner Password as an Owner Password Backup File, choose “I have the Owner Password Backup File” and specify the file location by pressing “Browse...”.
  9. Choose “Update” to start the firmware update.
    1. Run “regedit” from Start Menu.  (Type “regedit” at “Search programs and files”.)  “Registry Editor” appears.
      1. Search for the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM] OSManagedAuthLevel.  Choose “Edit” – “Find…”.
      2. Type “OSManagedAuthLevel” at “Find what”, then press “Find Next”.  The screen below appears after a while.
      3. Confirm that the upper text shows “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM” and the lower left text shows “OSManagedAuthLevel”.
    2. Double click “OSManagedAuthLevel”.  
    3. Change “Value data” as data noted to 5, and press “OK”.
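
The registry steps of the Windows 10 procedure (record the original OSManagedAuthLevel data, set it to 4, restore it after the firmware update) can be scripted so the original value is not lost. The following PowerShell is an added example, not part of the vendor's tool or procedure; the script name, its parameters and the note file location are assumptions, and it additionally handles the case where the value is absent by removing it again on restore.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
# Usage: .\TpmAuthLevel.ps1 -Mode Backup    (before "Clear TPM..." and the update)
#        .\TpmAuthLevel.ps1 -Mode Restore   (after the firmware update completes)
param(
    [Parameter(Mandatory)][ValidateSet('Backup', 'Restore')][string]$Mode,
    # Assumed location for the recorded original value.
    [string]$NotePath = "$env:SystemDrive\TpmAuthLevel.backup.json"
)
$ErrorActionPreference = 'Stop'
$Key  = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM'
$Name = 'OSManagedAuthLevel'

function Get-AuthLevel {
    # Returns the current DWORD, or $null when the key or the value is absent.
    if (-not (Test-Path $Key)) { return $null }
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$Name
}

if ($Mode -eq 'Backup') {
    # Never overwrite an earlier note: a second run would record 4 as "original".
    if (Test-Path $NotePath) { throw "Note already exists at $NotePath." }
    $orig = Get-AuthLevel
    [pscustomobject]@{
        Present = ($null -ne $orig)
        Value   = $orig
        Taken   = (Get-Date).ToString('o')
    } | ConvertTo-Json | Set-Content -Path $NotePath -Encoding UTF8
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $Name -Value 4 -Type DWord
    "Recorded original value ($orig) in $NotePath; $Name is now $(Get-AuthLevel)."
}
else {
    $note = Get-Content -Path $NotePath -Raw | ConvertFrom-Json
    if ($note.Present) {
        Set-ItemProperty -Path $Key -Name $Name -Value ([int]$note.Value) -Type DWord
    }
    elseif (Test-Path $Key) {
        # The value did not exist before the update, so remove it again.
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    }
    "Restored; $Name is now '$(Get-AuthLevel)' (empty means the value is absent)."
}
```

Keep the note file until the restore has been confirmed in Registry Editor, then delete it.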

 

WARNING

On Windows 10, the firmware update may take up to 10 minutes.  Do NOT turn off the computer until the update completes.

 

Export Control and EULA
Use of any software made available for download from this system constitutes your acceptance of the Export Control Terms and the terms in the Toshiba end-user license agreement, both of which you can view before downloading any such software.