TPM Firmware Update Utility
ThinkPads which use the Infineon TPM chip have a firmware update available which addresses the weak RSA key generation issue (read more here). This update is executed by TpmUpdt64.exe (or TpmUpdt.exe on 32-bit OS). The following details about this utility may be useful if you are implementing this update through SCCM or some other software distribution solution.
Command line options:
" -s ... Silent
mode\n"
" -r ... Reboot after
program completed\n"
" -sp ... Skip power
status check\n"
" -chk ... Check current TPM
firmware\n"
" -suc password ... Skip user confirmation at startup\n\n"
" Note: -suc option requires supervisor password.\n"
Return code:
RET_SUCC_REBOOTING
0 // Success (will reboot system)
RET_SUCC_NOTREBOOTING
1 // Success (no reboot)
RET_SUCC_NEED_TO_UPDATE_TPMFW
2 // It is required to update the TPM firwmare on this
system. (-chk option)
RET_SUCC_NO_NEED_TO_UPDATE_TPMFW
3 // It is no need to update the TPM firmware on this
system. (-chk option)
RET_UNDEFINED
-1
RET_FAIL_UNSUPPORTEDSYSTEM
-2 // The process does not recognize this system.
RET_FAIL_NEEDADMINRIGHTS
-3 // You need to be logged on as Administrator in
order to be able to run this utility.
RET_FAIL_INVALID_BIOS
-4 // Current BIOS does not support the TPM firmware
update. You have to update BIOS to the latest version.
RET_FAIL_UNSUPPORTED_TPM
-5 // Unsupported TPM found.
RET_FAIL_INVALID_TPM_CONFIG
-6 // TPM is disabled in BIOS setup.
RET_FAIL_LOAD_TPMFW_IMAGE
-7 // Failed to load TPM firmware image file.
RET_FAIL_INVALID_TPMFW_IMAGE
-8 // TPM firmware image file is invalid.
RET_FAIL_TPMFW_UPDATE_EXPIRED
-9 // TPM firmware updated too many times.
RET_FAIL_UNSUPPORTED_TPMFW
-10 // Unsupported TPM firmware found on this system.
RET_FAIL_EXCEED_PASSWORD_RETRY
-11 // Password failed too many times.
RET_FAIL_PASSWORD_INCORRECT
-12 // Correct supervisor password is required for /SUC
option.
RET_FAIL_NEEDPOWER
-13 // This process requires a charged battery to avoid an
accidental power-off during an update.