- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I checked the site below and it says that InfineonTpmUpdateDxe uses old OpenSSL.
https://thehackernews.com/2022/11/dell-hp-and-lenovo-devices-found-using.html
Does Infineon's TPM FW Update Tool still use OpenSSL?
Also, is there any vulnerability in that OpenSSL?
Thank you very much.
Solved! Go to Solution.
- Labels:
-
OPTIGA™ TPM
- Tags:
- tpm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @KeOn_ ,
We are aware of the article you shared, could you please specify which vulnerability of the TPM update tool you are referring to?
Also, we always recommend our customers to use the latest update tool with OpenSSL version 1.1.1e which is tested and is not affected by any vulnerability.
Thanks,
Sneha
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your reply.
I would like to add one more point, when the vulnerability of Infineon's RSA encryption key was reported before, the FW Update Tool was released.
Is it correct that the OpenSSL vulnerability does not affect that tool?
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This additional question has been posted in different thread.
Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported
So, this thread has been locked, will continue the discussion on the above new thread.