We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy.
Privacy Policyand Imprint
View and change cookie settings
Accept
Reject
Ask the Community

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

OPTIGA™ TPM Forum Discussions

KeOn_
Level 4
Level 4
10 solutions authored 10 replies posted 50 sign-ins
‎Dec 20, 2022 12:34 AM
‎Dec 20, 2022 12:34 AM

Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Jump to solution

Hi,

https://community.infineon.com/t5/OPTIGA-TPM/Does-Infineon-s-TPM-FW-Update-Tool-use-OpenSSL/m-p/3873... 

I have one more question related to the URL above. The FW Update Tool was released when Infineon's RSA encryption key vulnerability was reported (https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160).
Is it correct that the OpenSSL vulnerability does not affect that tool?

Best Regards

Labels
0 Likes
Subscribe
1 Solution
snehapra
Moderator
Moderator
Moderator
100 replies posted 25 likes received 100 sign-ins
In response to KeOn_
‎Dec 20, 2022 04:09 AM
‎Dec 20, 2022 04:09 AM

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Jump to solution

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.

View solution in original post

3 Replies
snehapra
Moderator
Moderator
Moderator
100 replies posted 25 likes received 100 sign-ins
‎Dec 20, 2022 03:17 AM
‎Dec 20, 2022 03:17 AM

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Jump to solution

Hi @KeOn_ ,

IFX update tool does not contain "RSA VULNERABILITY" (nor does it contain an OpenSSL vulnerability)

0 Likes
KeOn_
Level 4
Level 4
10 solutions authored 10 replies posted 50 sign-ins
In response to snehapra
‎Dec 20, 2022 03:40 AM
‎Dec 20, 2022 03:40 AM

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Jump to solution

I'm sorry, but what I wanted to ask is the following.
I remember that the FW Update Tool was provided as a countermeasure when a vulnerability was found in Infineon's RSA library. (https://www.kb.cert.org/vuls/id/307015)
Am I correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL?

0 Likes
snehapra
Moderator
Moderator
Moderator
100 replies posted 25 likes received 100 sign-ins
In response to KeOn_
‎Dec 20, 2022 04:09 AM
‎Dec 20, 2022 04:09 AM

Re: Regarding the FW update tool released when Infineon's RSA encryption key vulnerability was reported

Jump to solution

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.