TPM 2.0 Vulnerability

Posted: Wed Apr 19, 2023 9:45 am
by nerd
Hi,

I've noticed that you don't provide regular BIOS updates, so I'm unsure whether you're aware of these two TPM 2.0 vulnerabilities that might require a TPM 2.0 firmware update.

Vulnerabilities in the TPM 2.0 reference implementation code

This is a serious vulnerability, please update your BIOSes if necessary. Otherwise, please let us know if and why your platforms aren't affected.

I own a TK11, it has a TPM 2.0 module, manufacturer version 600.7.0.0, subversion 1.38.

Re: TPM 2.0 Vulnerability

Posted: Wed Apr 19, 2023 2:54 pm
by Popastefanx
Sadly I requested a BIOS as well and they do not provide any BIOS. I think their firmware is locked fully and no one can change it from software. It needs a CH341 programmer probably.

Re: TPM 2.0 Vulnerability

Posted: Thu Apr 20, 2023 3:04 am
by vali20
Popastefanx wrote: Wed Apr 19, 2023 2:54 pm Sadly I requested a BIOS as well and they do not provide any BIOS. I think their firmware is locked fully and no one can change it from software. It needs a CH341 programmer probably.
You can place the EFI shell (shellx64.efi) and AfuEfix64.efi onto a FAT32-formatted USB drive, then use the option in the BIOS called "Boot EFI shell from file system device" from the last tab to start the EFI shell application. In there, switch to the desired file system (type "fs0:"), then use AfuEfix64 to dump the BIOS contents: "AfuEfix64.efi backup.rom /o". I was able to open the exported image in UEFITool just fine; it seems like a valid American Megatrends UEFI image. "flashrom" from DOS would probably have worked as well, but I cannot boot the FreeDOS image generated using Rufus since it requires CSM, which this system seems to be lacking. To dump the BIOS using flashrom, in case you get around it, use "flashrom -p internal -r backup.rom".
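As an added example, not code from vali20 or from any tool named in the thread, here is a small Python check for a dump such as backup.rom: it records the SHA-256 of the image and locates UEFI firmware volume headers by their "_FVH" signature, verifying each header's 16-bit checksum, which is roughly the sanity check UEFITool performs when it opens an image. The header layout follows the UEFI PI specification; the sample image is constructed inline.

```python
import hashlib
import struct
import uuid

# EFI_FIRMWARE_VOLUME_HEADER fixed part is 56 bytes; the block map that follows is
# covered by HeaderLength and Checksum. The "_FVH" signature sits at offset 40.
FVH_STRUCT = struct.Struct("<16s16sQ4sIHHHBB")
FVH_SIGNATURE = b"_FVH"
FFS2_GUID = uuid.UUID("8c8ce578-8a3d-4f1c-9935-896185c32dd3")  # EFI_FIRMWARE_FILE_SYSTEM2_GUID

def header_checksum16(header: bytes) -> int:
    """16-bit word sum of the header; a correct header sums to zero."""
    words = struct.unpack("<%dH" % (len(header) // 2), header[: len(header) // 2 * 2])
    return sum(words) & 0xFFFF

def find_firmware_volumes(image: bytes, align: int = 8):
    """Return (offset, filesystem GUID, FvLength, checksum_ok) for each plausible volume."""
    volumes = []
    pos = image.find(FVH_SIGNATURE)
    while pos != -1:
        start = pos - 40  # the header begins 40 bytes before the signature
        if start >= 0 and start % align == 0 and start + 56 <= len(image):
            f = FVH_STRUCT.unpack(image[start:start + 56])
            guid_raw, fv_len, hdr_len, revision = f[1], f[2], f[5], f[9]
            # Reject stray "_FVH" bytes in padding: revision 2, sane sizes, volume fits.
            if revision == 2 and 56 <= hdr_len <= fv_len and start + fv_len <= len(image):
                ok = header_checksum16(image[start:start + hdr_len]) == 0
                volumes.append((start, str(uuid.UUID(bytes_le=guid_raw)), fv_len, ok))
        pos = image.find(FVH_SIGNATURE, pos + 1)
    return volumes

def summarize_dump(image: bytes) -> dict:
    """What to record for a backup: size, SHA-256 of the dump, and the volumes found."""
    return {"size": len(image), "sha256": hashlib.sha256(image).hexdigest(),
            "volumes": find_firmware_volumes(image)}

def build_fv_header(guid: uuid.UUID, fv_len: int, block_len: int = 0x1000) -> bytes:
    """Constructed header: one block-map entry plus terminator, checksum made valid."""
    block_map = struct.pack("<IIII", fv_len // block_len, block_len, 0, 0)
    hdr = bytearray(FVH_STRUCT.pack(b"\0" * 16, guid.bytes_le, fv_len, FVH_SIGNATURE,
                                    0x0004FEFF, 56 + len(block_map), 0, 0, 0, 2) + block_map)
    struct.pack_into("<H", hdr, 50, (-header_checksum16(bytes(hdr))) & 0xFFFF)
    return bytes(hdr)

def constructed_sample_image() -> bytes:
    """Constructed stand-in for a dump: 0xFF padding, one volume at 0x1000, a stray signature."""
    img = bytearray(b"\xff" * 0x4000)
    img[0x1000:0x1000 + 72] = build_fv_header(FFS2_GUID, 0x2000)
    img[0x3010:0x3014] = FVH_SIGNATURE  # no valid header around it, so it must be ignored
    return bytes(img)
```

Run `summarize_dump(open("backup.rom", "rb").read())` on a real dump; a dump with no volumes, or with volumes whose checksum fails, is not something to flash back.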

Re: TPM 2.0 Vulnerability

Posted: Thu Apr 20, 2023 9:15 am
by barry777
In response to this situation, we are checking with the manufacturer.