Potential vulnerability in Infineon TPM (Trusted Platform Module) used in Toshiba notebook products
A potential security vulnerability has been found in some Infineon TPM (Trusted Platform Module) chips used in Toshiba notebook products.
TPM chips are used for security processes such as controlling encryption keys. These devices are embedded inside Personal Computers and used by Security solution programs.
Infineon is preparing TPM firmware updates to fix this vulnerability. We will release these updates suitable for Toshiba systems as soon as they are available. We recommend that you check immediately if your system is potentially affected (see below). If so, we recommend you implement point 5 ‘Immediate Temporary Measure’ below as a workaround until these TPM firmware updates are ready.
- Vulnerability overview (for further reference please see Infineon’s support bulletin here and Microsoft security advisory here)
TPM is used for data encryption, creating a Public Key which is used alongside a Private Key. If the Public Key is accessed, there is a risk that the Private Key could potentially be identified.
- Possible result of vulnerability
If a Public Key generated by TPM and its paired Private Key are identified, a third party could impersonate a legitimate user and therefore decrypt data encrypted with a paired Public key and Private Key.
- Potentially Affected Toshiba Models
Toshiba systems running Infineon TPM v1.20 and v2.0 are potentially affected. The following table lists potentially affected models:
- Immediate Temporary Measure
Microsoft Corp. released a security update on September 12th 2017 which avoids this vulnerability, by generating a Private Key without TPM. Please refer to the following table and ensure that this security update is applied to your Operating System.
- Windows 10 : You can check your OS Version and Build from ‘Settings’ → ‘About’
- Windows 8.1 : You can check if security update ‘KB4038792’ has been applied from ‘Control Panel’→ ‘Programs and Features’ then show ‘View installed Updates’
- Windows 7 : There is no Microsoft workaround for Windows 7. Please wait until we provide updated firmware.
- Schedule of measured firmware release
Click for Information
|Satellite Pro A30-C
|Satellite Pro A30t-C
|Satellite Pro A30-D
|Satellite Pro A40-C
|Satellite Pro A40-D
|Satellite Pro A50-A
|Satellite Pro A50-C
|Satellite Pro A50-D
|Satellite Pro R40-C
|Satellite Pro R50-B
|Satellite Pro R50-C
|Satellite Pro R50-D
How to tell if your product could be affected
(a) Run the ‘TPM Management on Local Computer’ utility by typing ‘tpm.msc’ at a Command Prompt with Administrator privileges. You should see a screen similar to the below.
(b) Check ‘Manufacturer Name’: if it is ‘IFX’, then the system uses an Infineon TPM module and is potentially affected. If so, please proceed to step (c).
(c) Check ‘Specification Version’: if it is ‘v1.20’ or ‘v2.0’ your laptop is potentially affected. If so, please proceed to step (d).
(d) Check ‘Manufacturer Version’ against the below table:
(e) If your laptop falls under the category ‘Potentially Affected’, please apply the Immediate Temporary Measure in point 5 below.
|Security Update to apply
|OS Build with Security Update already applied
|15063.608 or higher
|14393.1715 or higher
|10586.1106 or higher