TPM 2.0 Vulnerability

Come hang out and discuss tech related content! Please check other subforums before posting.
Post Reply
nerd
Posts: 1
Joined: Wed Apr 19, 2023 9:37 am

TPM 2.0 Vulnerability

Post by nerd »

Hi,

I've noticed that you don't provide regular BIOS updates, so I'm unsure whether you're aware of these two TPM 2.0 vulnerabilities that might require a TPM 2.0 firmware update.

Vulnerabilities in the TPM 2.0 reference implementation code

This is a serious vulnerability, please update your BIOSes if necessary. Otherwise, please let us now if and why your platforms aren't affected.

I own a TK11, it has a TPM 2.0 module, manufacturer version 600.7.0.0, subversion 1.38.
Popastefanx
Posts: 3
Joined: Sat Apr 15, 2023 5:10 pm

Re: TPM 2.0 Vulnerability

Post by Popastefanx »

Sadly i requested bios as well and they do not provide any bios, i think their firmware is locked fully and no one can change it from software. It needs ch341 programmer probably
vali20
Posts: 2
Joined: Thu Apr 20, 2023 1:23 am

Re: TPM 2.0 Vulnerability

Post by vali20 »

Popastefanx wrote: Wed Apr 19, 2023 2:54 pm Sadly i requested bios as well and they do not provide any bios, i think their firmware is locked fully and no one can change it from software. It needs ch341 programmer probably
You can place EFI shell (shellx64.efi) and AfuEfix64.efi onto a FAT32 formatted USB drive, then use the option in BIOS called "Boot EFI shell from file system device" from last tab to start the EFI shell application. In there, switch to desired file system (type "fs0:"), then use AfuEfix64 to dump the BIOS contents: "AfuEfix64.efi backup.rom /o". I was able to open the exported image in UEFITool just fine, seems like a valid Amercian Megatrends UEFi image. "flashrom" from DOS would probably have worked as well, but I cannot boot the FreeDOS image generated using Rufus since it requires CSM, which this system seems to be lacking. To dump the BIOS using flashrom, in case you get around it, use "flashrom -p internal -r backup.rom".
User avatar
barry777
Posts: 1131
Joined: Thu Mar 02, 2023 1:08 am
Has thanked: 35 times
Been thanked: 87 times

Re: TPM 2.0 Vulnerability

Post by barry777 »

In response to this situation, we are checking with the manufacturer.
Post Reply

Return to “General Discussion”