Dynabook |
Archive.

A potential security vulnerability has been found in some Infineon TPM (Trusted Platform Module) chips used in Toshiba notebook products.

TPM chips are used for security processes such as controlling encryption keys. These devices are embedded inside Personal Computers and used by Security solution programs.

Infineon is preparing TPM firmware updates to fix this vulnerability. We will release these updates suitable for Toshiba systems as soon as they are available. We recommend that you check immediately if your system is potentially affected (see below). If so, we recommend you implement point 5 ‘Immediate Temporary Measure’ below as a workaround until these TPM firmware updates are ready.

1. Vulnerability overview (for further reference please see Infineon’s support bulletin here and Microsoft security advisory here)

   TPM is used for data encryption, creating a Public Key which is used alongside a Private Key. If the Public Key is accessed, there is a risk that the Private Key could potentially be identified.

2. Possible result of vulnerability
   If a Public Key generated by TPM and its paired Private Key are identified, a third party could impersonate a legitimate user and therefore decrypt data encrypted with a paired Public key and Private Key.


3. Potentially Affected Toshiba Models
   Toshiba systems running Infineon TPM v1.20 and v2.0 are potentially affected. The following table lists potentially affected models:



Tecra	Portégé	Satellite Pro
Tecra A40-C	Portégé A30-C	Satellite Pro A30-C
Tecra A40-D	Portégé A30t-C	Satellite Pro A30t-C
Tecra A50-A	Portégé A30-D	Satellite Pro A30-D
Tecra A50-C	Portégé R30-A	Satellite Pro A40-C
Tecra A50-D	Portégé X20W-D	Satellite Pro A40-D
Tecra C50-B	Portégé X30-D	Satellite Pro A50-A
Tecra C50-C	Portégé Z10t-A	Satellite Pro A50-C
Tecra W50-A	Portégé Z20t-B	Satellite Pro A50-D
Tecra X40-D	Portégé Z20t-C	Satellite Pro R40-C
Tecra Z40-A	Portégé Z30-A	Satellite Pro R50-B
Tecra Z40t-A	Portégé Z30t-A	Satellite Pro R50-C
Tecra Z40-B	Portégé Z30-B	Satellite Pro R50-D
Tecra Z40t-B	Portégé Z30t-B
Tecra Z40-C	Portégé Z30-C	Satellite Z30-C
Tecra Z50-A
Tecra Z50-C
Tecra Z50-D


How to tell if your product could be affected
(a) Run the ‘TPM Management on Local Computer’ utility by typing ‘tpm.msc’ at a Command Prompt with Administrator privileges. You should see a screen similar to the below.

(b) Check ‘Manufacturer Name’: if it is ‘IFX’, then the system uses an Infineon TPM module and is potentially affected. If so, please proceed to step (c).

(c) Check ‘Specification Version’: if it is ‘v1.20’ or ‘v2.0’ your laptop is potentially affected. If so, please proceed to step (d).

(d) Check ‘Manufacturer Version’ against the below table:

TPM Version	Manufacturer Version	Potentially Affected
Version 2.0	5.xx	Below 5.62
Version 1.2	4.4x	Below 4.43
Version 1.2	4.3x	Below 4.34
Version 1.2	Under 3.x	Not affected

(e) If your laptop falls under the category ‘Potentially Affected’, please apply the Immediate Temporary Measure in point 5 below.

4. Immediate Temporary Measure
   Microsoft Corp. released a security update on September 12th 2017 which avoids this vulnerability, by generating a Private Key without TPM. Please refer to the following table and ensure that this security update is applied to your Operating System.



OS	OS Version	Security Update to apply	OS Build with Security Update already applied
Windows 10	1703	KB4038788	15063.608 or higher
Windows 10	1607	KB4038782	14393.1715 or higher
Windows 10	1511	KB4038783	10586.1106 or higher
Windows 8.1		KB4038792	N/A



• Windows 10 : You can check your OS Version and Build from ‘Settings’ → ‘About’
• Windows 8.1 : You can check if security update ‘KB4038792’ has been applied from ‘Control Panel’→ ‘Programs and Features’ then show ‘View installed Updates’
• Windows 7 : There is no Microsoft workaround for Windows 7. Please wait until we provide updated firmware.


5. Schedule of measured firmware release
   Click for Information