TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected

TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected

By | October 16th, 2017
No Comments on TPM Chipsets Generate Insecure RSA Keys. Multiple Vendors Affected

Infineon TPM chipsets that come with many modern-day motherboards generate

insecure RSA encryption keys that put devices at risk of attack.


TPM stands for Trusted Platform Module (TPM), which is an international standard for secure cryptoprocessors that are used to store critical data such as passwords, certificates, and encryption keys. At the hardware level, TPMs are dedicated microcontrollers that co-exist on the main system board (motherboard) and provide hardware isolation and generate and store artifacts used to authenticate the platform, such as passwords, certificates, or encryption keys.

According to a security alert issued by Infineon last week, a vulnerability in the Infineon TPM firmware results in the generation of RSA keys. Only Infineon TPMs based on the TCG specification family 1.2 and 2.0 are affected. Infineon is one of the many TPM vendors currently used in production, so not all motherboards are affected. Infineon issued a firmware update last week and has forwarded the update to motherboard vendors which are now working on integrating the Infineon TPM firmware update into all their products.

Until motherboard vendors issue a new firmware update to include Infineon’s TPM fix, the general recommendation is to move critical users and data handling operations to devices that have updated firmware or to devices not affected by this vulnerability.

Once users have received the firmware update, they should regenerate all TPM keys. This is done by changing all passwords for TPM-enabled apps.

Because it is hard to know what apps and OS features use the TPM, users can reset the TPM module by typing TPM.MSC in their Windows Search/Run field and resetting the TPM from there.

More instructions are available in this Technet article.

Nisheeth Bhakuni