The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    IMPORTANT SECURITY UPDATES!

    Discussion in 'Sager and Clevo' started by Prema, Nov 30, 2017.

  1. Prema (Your Freedom, Your Choice)

    S76 don't officially support Windows and use an entirely different BIOS/EC than ALL other stock Clevo systems, even before they disabled the ME, hence the 'IF you are a Windows user' in my first reply.
    Of course you can do the above; all I am saying is it ain't very clever to do it on a large scale on systems designed for gamers and OCers like these Clevos. If the consequences don't matter in your case and security goes above everything, then go ahead and do it for your system. Here is the original article: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
     
    Last edited: Jan 22, 2018
    KY_BULLET and Vasudev like this.
  2. Mangix (Notebook Guru)

    Oh, that is interesting. I did not realize their BIOS is totally different. I wonder if they use coreboot. In an interview they did, they mentioned that AMI has some weird NDA preventing developers working with AMI BIOSes from working on coreboot and that they avoid AMI like the plague. They mentioned it here at 15:30:

    I wonder if I can install their BIOS on my Clevo. I'm currently running one of your BIOSes, but my main complaint is the slow initialization speed.
     
    Vasudev likes this.
  3. Vasudev (Notebook Nobel Laureate)

    NVMe drives take a little more time to initialise, so that might be the issue.
    See if Fast Boot is enabled or disabled.
     
    Prema and KY_BULLET like this.
  4. Mangix (Notebook Guru)

    I don't think 15 seconds of BIOS time is normal.
     
  5. Prema (Your Freedom, Your Choice)

    For NVMe drives it is...
     
    hmscott and KY_BULLET like this.
  6. Mangix (Notebook Guru)

    Even with no NVMe drives installed? Guess I'll try disabling PCIe ports.
     
  7. Vasudev (Notebook Nobel Laureate)

    Do you have any apps running at startup, esp. Win32/desktop apps?
    UWP apps don't increase boot time at all.
    I have a mediocre PCIe NVMe SSD and boot time is 6-8 sec with 4 apps running. On a SATA SSD with Linux, it boots in 3-4 sec.
    Optionally, you get detailed info in Task Manager's Startup tab. Simply right-click on Name, Publisher or Startup impact to get disk I/O at startup, CPU overhead and other details.
     
    hmscott likes this.
  8. Mangix (Notebook Guru)

    Are you joking right now? I specifically said BIOS initialization. Why are you talking about Windows?
     
  9. Vasudev (Notebook Nobel Laureate)

    I wrote it's an optional step in case you wanted to investigate further.
    If you want the system logo to be displayed, then disable Quiet Boot and enable Fast Boot.
     
    hmscott likes this.
  10. Mangix (Notebook Guru)

    There is nothing to investigate. Clevo BIOSes have slow initialization; others like MSI or ASRock do not. Simple as that.

    And yes, Fast Boot is enabled.
     
  11. Vasudev (Notebook Nobel Laureate)

    What about Quiet Boot? (If it's an Aptio 5 BIOS/EFI)
     
  12. Qadhi79 (Notebook Geek)

    I have a P775TM1-G and was going through the Windows event logs and found this:

    Source: TPM-WMI
    Event ID: 1794
    Level: Error
    User: SYSTEM
    OpCode: Info

    "The Trusted Platform Module (TPM) firmware on this PC has a known security problem. Please contact your PC manufacturer to find out if an update is available. For more information please go to https://go.microsoft.com/fwlink/?linkid=852572"

    Current Status:
    ME Firmware Version: 11.8.50.3425
    BIOS Version: 1.05.04PS
    KBC/EC Firmware Revision: 1.05.03

    Any fix available for this issue?
     
  13. Qadhi79 (Notebook Geek)

    Last edited: Feb 1, 2018
    Prostar Computer, steberg and Vasudev like this.
  14. Papusan (Jokebook's Sucks! Dont waste your $$$ on Filthy)

    And Intel continues to push out new versions of their Intel-SA-00086 Detection Tool. Now up to the 5th version (Version: 1.1.169.0 - Latest Date: 1/24/2018) :p
     
    Vasudev and KY_BULLET like this.
  15. steberg (Notebook Evangelist)

    OK, you should probably open a new thread about this update, so as not to hijack Prema's thread. But it works fine. Upgraded my TPM from version 5.51 to 5.62. Thank you! +Rep
     
    Vasudev likes this.
  16. Prema (Your Freedom, Your Choice)

    I am sitting on a bunch of TPM updates and will request the mods to edit the OP once I am confident in the method, so that we have all the security stuff in one place.

    Right now, if the old TPM isn't properly cleared before flashing the new one, the old and vulnerable keys will be migrated into the new firmware and there will be no way to get rid of them after the flash. Clearing them only in Windows doesn't clear them in the TPM; that has to be done in the BIOS prior to disabling the chip.
    So I have to make it as foolproof as possible or it'll cause more damage than good.
     
    Vasudev, kong, KY_BULLET and 2 others like this.
  17. steberg (Notebook Evangelist)

    Yes, I saw the Clear TPM option in the BIOS and did that too. It's good to know you're working on it!
     
    Prema likes this.
  18. Qadhi79 (Notebook Geek)

    @Prema

    The TPM Endorsement Key (TPM EK) is permanent and generated at the factory, and cannot be changed.

    The TPM vulnerability exploits a weakness in an algorithm and the user keys generated by it, not the TPM EK itself.

    Not sure what stays trapped forever, because the user keys can be cleared any time, again and again. Also, if the TPM user keys are not cleared in Windows, then it should allow you to log in using your old fingerprint, which it does not in this case.
     
  19. Prema (Your Freedom, Your Choice)

    It has to do with the way the public key is generated. Think of it as a too-thin thread which has to be cut back to its origin, as otherwise all the thicker threads that are attached later on remain weak due to the original one remaining.
     
    Vasudev likes this.
  20. Qadhi79 (Notebook Geek)

    Would prefer a more technical response, as the TPM EK is from the factory and cannot be changed. Clearing the TPM clears the user-generated keys, and the vulnerable algorithm is updated with the firmware.

    What's left now? What's the name of the "thin thread"?
     
  21. Prema (Your Freedom, Your Choice)

    We need 14 different TPM updates just to cover the Clevo Infineon models/revisions. We have been testing for a while and e.g. that 5.62 has already been succeeded by a newer version, and they need to be updated in steps.
    Please be patient...


    This should help:

    https://docs.microsoft.com/en-us/wi.../manage/component-updates/tpm-key-attestation
     
    Last edited: Feb 1, 2018
    Papusan likes this.
  22. Qadhi79 (Notebook Geek)

    The link talks about the TPM EK and how to use the EK public key to authenticate with the CA, nothing about stuck certificates or an inability to clear the TPM.

    Still trying to find out which "certificates are left forever and cannot be changed". Are these TPM EK or TPM SK? The TPM EK is from the factory and cannot be changed; the vulnerable code is fixed and updated; that leaves the TPM SK user certificates, which Windows resets and can reset again and again, before and after the firmware update.

    Which certificates are left now and cannot be cleared later? I am a crypto major and can understand the most technical details and some more.
     
  23. Prema (Your Freedom, Your Choice)

    Forget about the OS part of that link. It's only to explain that the EK consists of a private and a public key.
    One is hardcoded, the other one is not. The instructions to hard-clear the chip come directly from Infineon (incl. the reason and side effects of not doing it), and while many ODMs have been designing their 'readmes' and 'patchers' accordingly, Clevo has not been following their guidelines. Hence the warning.

    Edit: Removed the signing info; I got confused with the TBT firmware due to me playing Fortnite all night long while answering this stuff. Sorry for that. Next time I'll just shut up and keep playing.
     
    Last edited: Feb 2, 2018
  24. Qadhi79 (Notebook Geek)

    A key "pair" is always 2 keys (public and private), and changing any of these will break the encryption chain. It is not possible to modify the TPM EK public or TPM EK private key, so this is one half of the TPM EK and there is no danger of overwriting or erasing it.

    Next is the TPM EKCert, which is provided by the manufacturer. Some TPM manufacturers do not include an EKCert, but Infineon does.

    The TPM EK public key, the TPM EK private key and also the TPM EKCert are issued by Infineon and not CLEVO, so there is nothing from CLEVO and no way to overwrite any of these.

    I have uploaded the most recent EKCerts (ECC and RSA) for Infineon TPM SLB 9665 firmware version 5.62.x (December 05, 2017) below for you, but EKCerts are of no use for, nor hamper, any update for CLEVO machines.

    Infineon-OPTIGA(TM) RSA Manufacturing CA 029 Issued by RootCA-C-v01_00-EN.crt and Infineon-OPTIGA(TM) ECC Manufacturing CA 029 Issued by RootCA-C-v01_00-EN.crt
    https://onedrive.live.com/download?...=1E25BD0C9E57C3DA!600&authkey=AABfmHANALZzC0o

    PS. I still want to know which vulnerable keys will migrate to the new system and remain there forever. So far it doesn't look like any keys are doing that.
     
    Last edited: Feb 1, 2018
    Vasudev likes this.
  25. Prema (Your Freedom, Your Choice)

    I can't share confidential material to tell you what exactly they do, only why it is important and that they advised vendors to flash accordingly. The point being, it is very important to also clear the chip via the BIOS function and not only reset it via an OS call, something Clevo simply ignored in their SOP. I don't work for Infineon; it's simply what we have been given. I really did my best here, sorry if it doesn't satisfy your curiosity... :oops:

    Edit: Removed the signing info; I got confused with the TBT firmware due to me playing Fortnite all night long while answering this stuff. Sorry for that. Next time I'll just shut up and keep playing.
     
    Last edited: Feb 2, 2018
    Papusan, KY_BULLET and Vasudev like this.
  26. Qadhi79 (Notebook Geek)

    I am less curious and more surprised that you are constantly changing your response and incorrectly describing how encryption and the TPM work.

    1. You first mentioned "if the old TPM isn't properly cleared before flashing the new one the old and vulnerable keys will be migrated into the new firmware and there will be no way to get rid of them after the flash." No keys can get stuck in the TPM, and you have still not responded which keys these are, constantly dodging with random responses.
    2. When I asked about the keys again and mentioned the TPM Endorsement Key, again instead of replying with something meaningful, you responded with a Microsoft article about TPM Key Attestation which has nothing to do with this vulnerability or how TPM keys are stored.
    3. When I again pointed this out, you incorrectly described asymmetric encryption and the TPM EK, saying one is hardcoded and one is not, when in fact both of these keys are hardcoded and from Infineon, not from CLEVO.

    And now you are saying these are not generic and are unique for vendors, and also that these are signed for the ODM and there is some confidential information involved.

    This is completely wrong!! Infineon TPMs are only signed by Infineon, and anyone can check that by running Windows PowerShell in admin mode and typing the following command:

    Get-TpmEndorsementKeyInfo

    The above-mentioned command will show who has signed the TPM certificate, which is always going to be Infineon and not HP or DELL, or CLEVO. I have checked TPM updates from HP, DELL, TOSHIBA and Infineon itself, and all of the firmware updates are EXACTLY THE SAME and the firmware files can be verified with an EXACT SIGNATURE MATCH, i.e. there is no unique signature and all vendors use Infineon-signed TPM firmwares, so your response about unique signatures and confidential information is not based on facts.

    CLEVO owners can run Windows PowerShell and the above command to confirm if their TPM is running the Infineon "generic" certificate or a CLEVO-signed one, which will prove my point.

    Here are the TPM firmware updates from some vendors that others can verify to be exactly the same as Infineon's:

    TOSHIBA
    https://cdgenp01.csd.toshiba.com/content/support/downloads/EN-2017-001082-005-TPMFW.exe
    HP
    ftp://15.73.48.59/pub/softpaq/sp82001-82500/sp82147.exe

    PS. I have updated my P775TM1-G firmware to 1.05.06 after the TPM "generic" firmware update with no issues whatsoever.
     
    Last edited: Feb 2, 2018
    Vasudev likes this.
  27. Prema (Your Freedom, Your Choice)

    OK, this is all pointless. Let me just prepare some proper instructions and upload all the latest updates in a bit...

     
    sicily428 and Vasudev like this.
  28. Prema (Your Freedom, Your Choice)

    OK, 'OP' and 'Team Blog' are updated with the latest security updates for 'CLEVO INFINEON TPM 1.2 & 2.0'.

    Now please let me focus on the important stuff and continue to work on that Win in Fortnite... ;)
     
    Last edited: Feb 2, 2018
  29. Qadhi79 (Notebook Geek)

    It wasn't pointless at all.

    You tried to cover up, but it didn't work and you burst your own bubble by releasing the "generic" Infineon firmware that any CLEVO owner can verify using the Windows PowerShell command I posted earlier, before and after the update.

    Good luck for the future :)
     
    Vasudev likes this.
  30. Vasudev (Notebook Nobel Laureate)

    Even most hardware companies say they use secret sauce on specific hardware, so you need a special signature to get it working. You just proved Infineon supplies generic TPM firmware for most hardware.
    I just made a modded BIOS to flash on my Dell; guess what, it bricked even when the BIOS lock was disabled. Dell has simply added additional logic at FW level to stop flash image writes that don't have or match the hash/signing server.
    Good to know your Clevo uses generic drivers and firmwares.
     
    Falkentyne likes this.
  31. Prema (Your Freedom, Your Choice)

    Did you see my edit? The signature thing was from the TBT firmware, not the TPM... totally my bad!
    I was just feeling the need to reply via mobile to a file posted in my thread with missing instructions, while gaming all night...
    The point of all my replies was the additional BIOS TPM reset required to clear the thing properly, which was provided in big red letters in the factory TPM update documentation warning us about the vulnerable keys being migrated if neglected. Anyway, you are welcome for the latest TPM firmware and instructions. And don't worry, I got them through proper channels and not by googling on the net...

    Clevo BIOS & TBT firmware are factory-signed as well.
     
    Last edited: Feb 2, 2018
    steberg likes this.
  32. Vasudev (Notebook Nobel Laureate)

    Is it an AMI signing server or what?
     
  33. Prema (Your Freedom, Your Choice)

    BIOSes are signed by AMI, TBT by Intel Israel. The annoying part about the TBT is that it cannot be cross-flashed even to the same TBT chip model, as it is motherboard-specific.
    So while a P870DM may use the same TBT chip as the P750DM, you need to request an additional signed file.
    It's something I am fighting with atm to finally fill that blank section on the blog, hence me bringing it up accidentally out of context with the TPM stuff.
     
    Last edited: Feb 2, 2018
    steberg and Vasudev like this.
  34. Vasudev (Notebook Nobel Laureate)

    The Windows event says my TPM make is Intel; is it true?
     
  35. Prema (Your Freedom, Your Choice)

    Probably, but I don't have service manuals for your Alienware...
     
    Vasudev likes this.
  36. Vasudev (Notebook Nobel Laureate)

    Dell actually makes it publicly available. Anyway, what's TBT?
     
  37. Prema (Your Freedom, Your Choice)

    Then just double-check it there. Thunderbolt.
     
    sicily428 and Vasudev like this.
  38. Vasudev (Notebook Nobel Laureate)

    That I didn't know. Thanks.
    Did you get your hands on beta microcodes from Intel? Is the performance really affected when the CPU is loaded 100%? I had an issue where my CPU got into a deadlock state at 100% utilisation. I had to manually push the power button to switch it off and on to get it back to a working state.
     
  39. Prema (Your Freedom, Your Choice)

    They haven't frozen them yet and still advise vendors to downgrade to pre-fix revisions.
    I hope we get clearance next week, as holding everything back is a royal waste of time...
     
    steberg, Papusan and Vasudev like this.
  40. Qadhi79 (Notebook Geek)

    Yeah, my argument was about the TPM signatures, as they are signed by Infineon, and all the details about the TPM EK didn't make any sense.

    I understand, and it is true that the user-generated keys, if not cleared, will migrate, and this is exactly how they should work; else a simple firmware or BIOS update would render a whole encrypted disk useless.

    The TPM user area can be cleared after a firmware update, so if someone forgot to clear it, he can always do it after the update. Windows will give you an error if there is a problem clearing the TPM using TPM.MSC or the command line. Some BIOS versions will prompt you after a software clear to press a key to continue, and some will just boot up without any notification after a software TPM clear, but if you were using a fingerprint/PIN or disk encryption then they will stop working, which will confirm that the TPM was successfully cleared by software. For the average Joe user, best to follow vendor instructions, I agree.

    I know you get things officially and go through a lot of testing, so I have no doubt about your sources or your mods :)
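    The disagreement in posts 16 through 26, and the concession in the post just above, turns on one property: a key pair generated by the old Infineon firmware carries its weakness in the public modulus itself, so it stays weak after the firmware is updated unless the TPM is cleared and the key regenerated. The thread never names the bug. What follows is an added example, not code from the thread or from Prema's update package, written on the assumption that the flaw is the Infineon RSA key-generation weakness published in 2017 (ROCA, CVE-2017-15361). It implements that paper's public fingerprint test, and to have something to test against it also builds a weak modulus the way the paper describes the flawed generator (p = k*M + 65537^a mod M) next to an ordinary one. The 512-bit size and the fixed seed are demo choices for speed and reproducibility; the fingerprint does not depend on key size.

```python
"""Fingerprint test for RSA moduli from the flawed Infineon generator
(ROCA, CVE-2017-15361, Nemec et al. 2017). Added example, not thread code.

The weak generator built each prime as p = k*M + (65537^a mod M), where M is
a primorial. Both primes, and so the modulus N = p*q, are then congruent to a
power of 65537 modulo every small prime dividing M. A firmware update changes
how new keys are made; it cannot remove that structure from an existing key.
"""
import math
import random

# First 39 primes: M for 512-bit keys is their product, and the M used for
# larger keys is a superset, so this one list fingerprints every key size.
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
                59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113,
                127, 131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537
M = math.prod(SMALL_PRIMES)  # primorial of roughly 2^219, as in the paper


def _subgroup(p: int) -> frozenset:
    """All residues 65537^k mod p: every value a weak prime can take mod p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return frozenset(seen)


SUBGROUPS = {p: _subgroup(p) for p in SMALL_PRIMES}


def has_roca_fingerprint(n: int) -> bool:
    """True when n mod p lies in <65537> for every small prime p.

    Every modulus from the weak generator passes; a modulus from a sound
    generator fails at least one prime with overwhelming probability."""
    return all(n % p in SUBGROUPS[p] for p in SMALL_PRIMES)


def false_positive_log2() -> float:
    """log2 of the probability that a random odd modulus passes by chance."""
    return sum(math.log2(len(SUBGROUPS[p]) / (p - 1)) for p in SMALL_PRIMES)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Trial division by SMALL_PRIMES, then Miller-Rabin with `rounds` bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def weak_prime(bits: int, rng: random.Random) -> int:
    """Prime of the form k*M + 65537^a mod M, mimicking the flawed generator.
    Demo construction: the firmware's exact ranges for k and a are not reproduced."""
    lo, hi = (1 << (bits - 1)) // M + 1, (1 << bits) // M
    while True:
        k = rng.randrange(lo, hi)
        a = rng.randrange(1, 1 << 62)
        p = k * M + pow(GENERATOR, a, M)
        if p.bit_length() == bits and is_probable_prime(p, rng):
            return p


def random_prime(bits: int, rng: random.Random) -> int:
    """Ordinary random prime: top bit set, odd, no imposed structure."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p, rng):
            return p


def demo(bits: int = 512, seed: int = 2018) -> dict:
    """Build one weak and one sound `bits`-bit modulus and fingerprint both.
    512 bits and a fixed seed (demo choices) keep it fast and reproducible."""
    rng = random.Random(seed)
    half = bits // 2
    weak_n = weak_prime(half, rng) * weak_prime(half, rng)
    sound_n = random_prime(half, rng) * random_prime(half, rng)
    return {"weak": has_roca_fingerprint(weak_n),
            "sound": has_roca_fingerprint(sound_n),
            "false_positive_log2": false_positive_log2()}


if __name__ == "__main__":
    print(demo())
```

    To check a real key, pass its modulus as an integer to has_roca_fingerprint(); a key that passes should be treated as compromised whatever TPM firmware version the machine now reports, which is exactly why the clear-before-and-after-flash step in the readme matters more than the version number.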
     
  41. W00d_m3 (Notebook Enthusiast)

    Just follow the readme.txt guide. It's all there.

    I updated from 5.51.2098.0 to 5.63 without any issues!
     
    Prema likes this.
  42. Vasudev (Notebook Nobel Laureate)

    @Prema Thanks for the ME FW update, it worked splendidly. I made a guide for those using BGA Alienwares with Skylake HQ/HK CPUs on the 15 R2/17 R3.
    New BIOS for 15R2/17R3 v1.4.4
     
    Last edited: Feb 5, 2018
  43. Dennismungai (Notebook Deity)

    And this is doubly true if you use other facilities such as Intel's SGX.

    Intel ME is needed on production platforms.

    The HAP bit, even if set, is not some magic bullet that automatically disables the ME. If unsure of how to proceed, consider disabling the ME on consumer SKUs as deliberate crippling. For one, consumer SKUs do not have the management engine provisioned for AMT, making them immune to SOL attacks over the network.
     
    Prema and Vasudev like this.
  44. Dennismungai (Notebook Deity)

    And related, this thread on Reddit might help you to understand how and why System76 go "out of band" with their systems: https://www.reddit.com/r/pop_os/comments/6kn82m/ability_to_install_system76s_drivers_nvidia/djnbiuj/
     
    Prema and Vasudev like this.
  45. Dennismungai (Notebook Deity)

    Yes, see Prema Mod's Firmware Update section, and make sure to follow these steps without fail.
     
    Prema and Vasudev like this.
  46. Qadhi79 (Notebook Geek)

    You are late. I already updated mine and created a new thread for the update process.
     
    Vasudev likes this.
  47. Dennismungai (Notebook Deity)

    Perfect, my bad. Good thread, OP.
     
    Prema and Vasudev like this.
  48. W00d_m3 (Notebook Enthusiast)

    hmscott likes this.
  49. Dennismungai (Notebook Deity)

    Vasudev likes this.
  50. Prema (Your Freedom, Your Choice)

    We are testing for about a week now, but they haven't cleared them all, yet...
     
    Last edited: Feb 8, 2018