
IMPORTANT SECURITY UPDATES!

Discussion in 'Sager and Clevo' started by Prema, Nov 30, 2017.

  1. Prema

    Prema HIBERNATING

    Reputations:
    6,730
    Messages:
    5,370
    Likes Received:
    12,150
    Trophy Points:
    681
    Did you see my edit? The signature thing was from the TBT firmware not the TPM...totally my bad!
    I was just feeling the need to reply via mobile to a file posted in my thread with missing instructions, while gaming all night...
    The point of all my replies was the additional BIOS TPM reset required to clear the thing properly, which was provided in big red letters in the factory TPM update documentation warning us about the vulnerable keys being migrated if neglected. Anyway, you are welcome for the latest TPM firmware and instructions. And don't worry, I got them through proper channels and not by googling on the net...

    Clevo BIOS & TBT firmware are factory signed as well.
     
    Last edited: Feb 2, 2018
    steberg likes this.
  2. Vasudev

    Vasudev Notebook Prophet

    Reputations:
    1,617
    Messages:
    4,972
    Likes Received:
    2,832
    Trophy Points:
    231
    Is it an AMI signing server or what?
     
  3. Prema

    Prema HIBERNATING

    BIOS are signed by AMI, TBT are signed by Intel Israel. The annoying part about the TBT is that it cannot be cross-flashed even to the same TBT chip model as it is motherboard specific.
    So while a P870DM may use the same TBT chip as the P750DM, you need to request an additional signed file.
    It's something I am fighting with atm to finally fill that blank section on the blog, hence me bringing it up accidentally out of context with the TPM stuff.
     
    Last edited: Feb 2, 2018
    steberg and Vasudev like this.
  4. Vasudev

    Vasudev Notebook Prophet

    Windows event says my TPM make is Intel, is it true?
     
  5. Prema

    Prema HIBERNATING

    Probably, but I don't have service manuals for your Alienware...
     
    Vasudev likes this.
  6. Vasudev

    Vasudev Notebook Prophet

    Dell actually makes it publicly available. Anyway, what's TBT?
     
  7. Prema

    Prema HIBERNATING

    Then just double check it there. Thunderbolt
     
    sicily428 and Vasudev like this.
  8. Vasudev

    Vasudev Notebook Prophet

    That I didn't know. Thanks.
    Did you get your hands on beta microcodes from Intel? Is the performance really affected when the CPU is loaded 100%? I had an issue where my CPU got into a deadlock state on 100% utilisation. I had to manually push the pwr button to switch it off and on to get it back to a working state.
     
  9. Prema

    Prema HIBERNATING

    They haven't frozen them yet and still advise vendors to downgrade to pre-fix revisions.
    I hope we get clearance next week as holding everything back is a royal waste of time...
     
    steberg, Papusan and Vasudev like this.
  10. Qadhi79

    Qadhi79 Notebook Enthusiast

    Reputations:
    21
    Messages:
    48
    Likes Received:
    35
    Trophy Points:
    26
    Yeah, my argument was about the TPM signatures, as they are signed by Infineon, and all the details about TPM EK didn't make any sense.

    I understand and it is true that the user-generated keys, if not cleared, will migrate and this is exactly how they should work... else a simple firmware or BIOS update will render a whole encrypted disk useless.

    The TPM user area can be cleared after a firmware update, so if someone forgot to clear it, he can always do it after the update. Windows will give you an error if there is a problem clearing TPM using TPM.MSC or the command line. Some BIOS versions will prompt you after a software clear to press a key to continue and some will just boot up without any notification after a software TPM clear, but if you were using a fingerprint/PIN or disk encryption then they will stop working, which will confirm that TPM was successfully cleared by software. For the average Joe user, it is best to follow vendor instructions, I agree.

    I know you get things officially and go through a lot of testing so have no doubt about your sources or your mods :)
     