Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Ask the Community
Close
Ask the Community
nav search Icon
Forums gray-arrow gray-arrow
Resources gray-arrow gray-arrow
About gray-arrow gray-arrow
Groups gray-arrow gray-arrow
nav-user Account

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

KeOn_
Level 5
Level 5
Distributor - Macnica (Japan)
100 sign-ins 25 replies posted 10 solutions authored
‎Dec 20, 2022 12:34 AM
‎Dec 20, 2022 12:34 AM
Jump to solution

Hi,

https://community.infineon.com/t5/OPTIGA-TPM/Does-Infineon-s-TPM-FW-Update-Tool-use-OpenSSL/m-p/3873... 

I have one more question related to the URL above. The FW Update Tool was released when Infineon's RSA encryption key vulnerability was reported (https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160).
Is it correct that the OpenSSL vulnerability does not affect that tool?

Best Regards

Labels
0 Likes
Subscribe
1 Solution

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog
In response to KeOn_
‎Dec 20, 2022 04:09 AM
‎Dec 20, 2022 04:09 AM
Jump to solution

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.

View solution in original post

3 Replies

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog
‎Dec 20, 2022 03:17 AM
‎Dec 20, 2022 03:17 AM
Jump to solution

Hi @KeOn_ ,

IFX update tool does not contain "RSA VULNERABILITY" (nor does it contain an OpenSSL vulnerability)

0 Likes

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

KeOn_
Level 5
Level 5
Distributor - Macnica (Japan)
100 sign-ins 25 replies posted 10 solutions authored
In response to Sneha_P
‎Dec 20, 2022 03:40 AM
‎Dec 20, 2022 03:40 AM
Jump to solution

I'm sorry, but what I wanted to ask is the following.
I remember that the FW Update Tool was provided as a countermeasure when a vulnerability was found in Infineon's RSA library. (https://www.kb.cert.org/vuls/id/307015)
Am I correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL?

0 Likes

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Sneha_P
Moderator
Moderator
Moderator
250 replies posted 250 sign-ins First comment on blog
In response to KeOn_
‎Dec 20, 2022 04:09 AM
‎Dec 20, 2022 04:09 AM
Jump to solution

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.