Infineon TPM Vulnerability
The information below includes a description of the vulnerability and details steps recommended by Infineon and Fujitsu that users should take to secure affected product lines.
Summary:
A vulnerability in Infineon TPM hardware has been discovered recently with outdated TPM firmware using an algorithm that generates weaker RSA keys. This page provides information on how to update outdated TPM firmware.
For more detailed information please refer to the Infineon web site:
http://www.infineon.com/TPM-update
Microsoft has published additional information relating to operating systems. For detailed information please refer to the Microsoft web site: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
Affected Products:
An overview of the Fujitsu affected products can be found here:
Model Name | Original
| Updated
| Update Type | Release Date |
---|---|---|---|---|
LIFEBOOK E544
LIFEBOOK E554 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK E546
LIFEBOOK E556 (come with TPM1.2) | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK E546
LIFEBOOK E556 (come with TPM2.0) | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK E547
LIFEBOOK E557 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK E734
LIFEBOOK E744 LIFEBOOK E754 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK E736
LIFEBOOK E746 LIFEBOOK E756 (come with TPM1.2) | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK E736
LIFEBOOK E746 LIFEBOOK E756 (come with TPM2.0) | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK P727 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK S904 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK S935 | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK S936
(come with TPM1.2) | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK S936
(come with TPM2.0) | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK S937 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK T725 | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK T726 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK T734 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK T904 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK T935 | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK T936 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK T937 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK U536
(come with TPM1.2) | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
LIFEBOOK U536
(come with TPM2.0) | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK U537 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK UH554
LIFEBOOK UH574 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
LIFEBOOK U727 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK U745 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK U747
LIFEBOOK U757 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
LIFEBOOK U937 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
Model Name | Original
| Updated
| Update Type | Release Date |
---|---|---|---|---|
STYLISTIC Q616 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
STYLISTIC Q665 | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
STYLISTIC Q704 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
STYLISTIC Q736 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
STYLISTIC Q737 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
STYLISTIC Q775 | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
STYLISTIC R726
(come with TPM1.2) | FW4.40 | FW4.43 | FW Update Utility | Available for W7 & W10,
W8.1 Dec 2017 |
STYLISTIC R726
(come with TPM2.0) | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
Model Name | Original
| Updated
| Update Type | Release Date |
---|---|---|---|---|
CELSIUS H730 | FW4.32 | FW4.34 | FW Update Utility | Feb. 2018 |
CELSIUS H760 | FW5.51 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
CELSIUS H770 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
CELSIUS H970 | FW5.61 | FW5.62 | BIOS update and FW Tool*2 | Jan. 2018 |
*1: Dates are subject to change
*2: The FW Tool must be used with BIOS update, although the BIOS update can be applied separately.
CELSIUS (WorkStation) | Please refer to the following site.
http://support.ts.fujitsu.com/content/intel_firmware_SA86.asp |
---|---|
ESPRIMO (Desktop) | |
FUTRO (Thin Client) |
Fujitsu is providing an easy to use Windows-based tool for end customers to identify whether a TPM is installed in their system. If the tool finds a TPM in the system, then it will show the relevant TPM and firmware version. This tool can be found here: TPM Information Tool
Please note: for some affected products, TPM was sold as an optional component. This means that not all systems are affected by this issue.
Recommended steps:
- Consult the list of affected Fujitsu systems.
- Before updating the TPM firmware, please make sure that you save your encryption keys, decrypt all your encrypted data and backup to an external storage device, to avoid any data loss.
For Notebook or Tablet to download the respective TPM firmware update package for your system, please go to the Fujitsu support page and perform the following steps:
1. Select “Product Type”.
2. Select “Series”.
3. Select “Model”.
4. Select “OS”.
5. Download and install the latest BIOS or TPM firmware update package from the “BIOS“ section.
For Desktop and Workstation and ThinClient, please go to Fujitsu support page and follow the instructions.
For inquiries related to this issue, please contact the following dedicated hotline:WARNING: Clearing the TPM resets it to factory defaults. All created keys will be deleted and you will therefore lose access to any data encrypted by those keys.
For more detailed information regarding TPM Clear please refer also to the following Microsoft site:
https://docs.microsoft.com/en-us/windows/device-security/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm