Infineon TPM Vulnerability

The information below includes a description of the vulnerability and details steps recommended by Infineon and Fujitsu that users should take to secure affected product lines.

Summary:

A vulnerability in Infineon TPM hardware has been discovered recently with outdated TPM firmware using an algorithm that generates weaker RSA keys. This page provides information on how to update outdated TPM firmware.

For more detailed information please refer to the Infineon web site:
http://www.infineon.com/TPM-update

Microsoft has published additional information relating to operating systems. For detailed information please refer to the Microsoft web site: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012

Affected Products:
An overview of the Fujitsu affected products can be found here:

LIFEBOOK
Model Name

Original
Version

Updated
Version

Update Type

Release Date

LIFEBOOK E544
LIFEBOOK E554
FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK E546
LIFEBOOK E556
(come with TPM1.2)
FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK E546
LIFEBOOK E556
(come with TPM2.0)
FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK E547
LIFEBOOK E557
FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK E734
LIFEBOOK E744
LIFEBOOK E754
FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK E736
LIFEBOOK E746
LIFEBOOK E756
(come with TPM1.2)
FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK E736
LIFEBOOK E746
LIFEBOOK E756
(come with TPM2.0)
FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK P727FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK S904FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK S935FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK S936
(come with TPM1.2)
FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK S936
(come with TPM2.0)
FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK S937FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK T725FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK T726FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK T734FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK T904FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK T935FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK T936FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK T937FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK U536
(come with TPM1.2)
FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
LIFEBOOK U536
(come with TPM2.0)
FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK U537FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK UH554
LIFEBOOK UH574
FW4.32FW4.34FW Update UtilityFeb. 2018
LIFEBOOK U727FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK U745FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK U747
LIFEBOOK U757
FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
LIFEBOOK U937FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
STYLISTIC
Model Name

Original
Version

Updated
Version

Update Type

Release Date

STYLISTIC Q616FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
STYLISTIC Q665FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
STYLISTIC Q704FW4.32FW4.34FW Update UtilityFeb. 2018
STYLISTIC Q736FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
STYLISTIC Q737FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
STYLISTIC Q775FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
STYLISTIC R726
(come with TPM1.2)
FW4.40FW4.43FW Update UtilityAvailable for W7 & W10,
W8.1 Dec 2017
STYLISTIC R726
(come with TPM2.0)
FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
CELSIUS (Mobile)
Model Name

Original
Version

Updated
Version

Update Type

Release Date

CELSIUS H730FW4.32FW4.34FW Update UtilityFeb. 2018
CELSIUS H760FW5.51FW5.62BIOS update and FW Tool*2Jan. 2018
CELSIUS H770FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018
CELSIUS H970FW5.61FW5.62BIOS update and FW Tool*2Jan. 2018

*1: Dates are subject to change
*2: The FW Tool must be used with BIOS update, although the BIOS update can be applied separately.

CELSIUS (WorkStation)Please refer to the following site.
http://support.ts.fujitsu.com/content/intel_firmware_SA86.asp
ESPRIMO (Desktop)
FUTRO (Thin Client)

Fujitsu is providing an easy to use Windows-based tool for end customers to identify whether a TPM is installed in their system. If the tool finds a TPM in the system, then it will show the relevant TPM and firmware version. This tool can be found here: TPM Information Tool

Please note: for some affected products, TPM was sold as an optional component. This means that not all systems are affected by this issue.

Recommended steps:

  • Consult the list of affected Fujitsu systems.
  • Before updating the TPM firmware, please make sure that you save your encryption keys, decrypt all your encrypted data and backup to an external storage device, to avoid any data loss.

For Notebook or Tablet to download the respective TPM firmware update package for your system, please go to the Fujitsu support page and perform the following steps:

1. Select “Product Type”.
2. Select “Series”.
3. Select “Model”.
4. Select “OS”.
5. Download and install the latest BIOS or TPM firmware update package from the “BIOS“ section.

For Desktop and Workstation and ThinClient, please go to Fujitsu support page and follow the instructions.

For inquiries related to this issue, please contact the following dedicated hotline:

WARNING: Clearing the TPM resets it to factory defaults. All created keys will be deleted and you will therefore lose access to any data encrypted by those keys.

For more detailed information regarding TPM Clear please refer also to the following Microsoft site:
https://docs.microsoft.com/en-us/windows/device-security/tpm/initialize-and-configure-ownership-of-the-tpm#clear-all-the-keys-from-the-tpm