Does Infineon's TPM FW Update Tool use OpenSSL?

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
KeOn_
Level 5
Level 5
Distributor - Macnica (Japan)
100 sign-ins 25 replies posted 10 solutions authored

Hi,

I checked the site below and it says that InfineonTpmUpdateDxe uses old OpenSSL.

https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html 

Does Infineon's TPM FW Update Tool still use OpenSSL?
Also, is there any vulnerability in that OpenSSL?

Thank you very much.

0 Likes
1 Solution
GuillaumeR
Employee
Employee
5 likes given 5 sign-ins First solution authored

Hi @KeOn_ , @Sneha_P and the whole community,

On December 13th 2022, I'm able to say that Infineon's TPM FW Update Tool is not affected by any "OpenSSL" CVE (vulnerability) reporting.

View solution in original post

4 Replies
Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog

Hi @KeOn_ ,

We are aware of the article you shared, could you please specify which vulnerability of the TPM update tool you are referring to?
Also, we always recommend our customers to use the latest update tool with OpenSSL version 1.1.1e which is tested and is not affected by any vulnerability.

Thanks,

Sneha

GuillaumeR
Employee
Employee
5 likes given 5 sign-ins First solution authored

Hi @KeOn_ , @Sneha_P and the whole community,

On December 13th 2022, I'm able to say that Infineon's TPM FW Update Tool is not affected by any "OpenSSL" CVE (vulnerability) reporting.

KeOn_
Level 5
Level 5
Distributor - Macnica (Japan)
100 sign-ins 25 replies posted 10 solutions authored

Thank you for your reply.

I would like to add one more point, when the vulnerability of Infineon's RSA encryption key was reported before, the FW Update Tool was released.
Is it correct that the OpenSSL vulnerability does not affect that tool?

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 

0 Likes
Takashi_M
Moderator
Moderator
Moderator
1000 replies posted 500 solutions authored 750 replies posted

This additional question has been posted in different thread.

Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported 

So, this thread has been locked, will continue the discussion on the above new thread.

0 Likes