Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

OPTIGA™ TPM Forum Discussions

KeOn_
Level 4
Level 4
10 solutions authored 10 replies posted 50 sign-ins

Hi,

https://community.infineon.com/t5/OPTIGA-TPM/Does-Infineon-s-TPM-FW-Update-Tool-use-OpenSSL/m-p/3873... 

I have one more question related to the URL above. The FW Update Tool was released when Infineon's RSA encryption key vulnerability was reported (https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160).
Is it correct that the OpenSSL vulnerability does not affect that tool?

Best Regards

0 Likes
1 Solution
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.

View solution in original post

3 Replies
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Hi @KeOn_ ,

IFX update tool does not contain "RSA VULNERABILITY" (nor does it contain an OpenSSL vulnerability)

0 Likes
KeOn_
Level 4
Level 4
10 solutions authored 10 replies posted 50 sign-ins

I'm sorry, but what I wanted to ask is the following.
I remember that the FW Update Tool was provided as a countermeasure when a vulnerability was found in Infineon's RSA library. (https://www.kb.cert.org/vuls/id/307015)
Am I correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL?

0 Likes
snehapra
Moderator
Moderator
Moderator
100 sign-ins 25 solutions authored 50 replies posted

Hi @KeOn_ ,

Yes, you are correct in understanding that the FW Update Tool provided at this time does not include the vulnerable OpenSSL.