News AMD partners roll out new BIOS updates to patch TPM vulnerability — error with AMD CPUs addressed with AGESA 1.2.0.3e

[Admin]

A large number of AMD CPUs, including Ryzen 7000, 8000, and 9000 processors, are vulnerable to a security flaw that could allow hackers to retrieve sensitive information within the TPM.

AMD partners roll out new BIOS updates to patch TPM vulnerability — error with AMD CPUs addressed with AGESA 1.2.0.3e : Read more

 

[Alvar "Miles" Udell]

The question is if 500 and 400 series AM4 motherboards will receive the update as well. Techpowerup's article sort of suggests only AM5 will be updated as they mention MSI stating that fixes are rolling out to AM5 motherboards, nothing about AM4.

 

[itsrunny]

The question is if 500 and 400 series AM4 motherboards will receive the update as well. Techpowerup's article sort of suggests only AM5 will be updated as they mention MSI stating that fixes are rolling out to AM5 motherboards, nothing about AM4.

well the issue is that AMD have only patched the issue in the latest AM5 firmware(AGESA 1.2.0.3e) thus far, i'd be shocked if they didn't release updated AM4 firmware in the coming days though and then it's up to the Motherboard manufacturers as to whether they in-turn release an updated BIOS which includes the updated firmware, given the severity, i'd be very surprised if all the majors didn't....

 

[JustSayn]

well the issue is that AMD have only patched the issue in the latest AM5 firmware(AGESA 1.2.0.3e) thus far, i'd be shocked if they didn't release updated AM4 firmware in the coming days though and then it's up to the Motherboard manufacturers as to whether they in-turn release an updated BIOS which includes the updated firmware, given the severity, i'd be very surprised if all the majors didn't....

The article implies that patches for previous AM4 processor have been deployed over the last few months.

"Impacted processors include a wide range of Ryzen processors between Athlon 3000 "Dali" / Ryzen 3000 "Matisse" and Ryzen 9000 "Granite Ridge" on desktop, and between Ryzen 3000 Mobile "Picasso", and Ryzen AI 300 "Strix Point" on mobile. Similarly, all workstation CPUs from Threadripper 3000 "Castle Peak" to Threadripper 7000 "Storm Peak" are also vulnerable to this bug. That being said, patches for most of these processors have been deployed across different timelines in the past few months"

 

[itsrunny]

The article implies that patches for previous AM4 processor have been deployed over the last few months.

"Impacted processors include a wide range of Ryzen processors between Athlon 3000 "Dali" / Ryzen 3000 "Matisse" and Ryzen 9000 "Granite Ridge" on desktop, and between Ryzen 3000 Mobile "Picasso", and Ryzen AI 300 "Strix Point" on mobile. Similarly, all workstation CPUs from Threadripper 3000 "Castle Peak" to Threadripper 7000 "Storm Peak" are also vulnerable to this bug. That being said, patches for most of these processors have been deployed across different timelines in the past few months"

yeah, it's a tough read ain't it! according to the AMD security bulletin it was fixed last year for 7000 Series processors also, the difference being it would appear is that AGESA 1.2.0.3e is for ASP fTPM + Pluton TPM, whereas ComboAM5PI_1.2.0.2 and ComboAM5PI_1.1.0.3b, which were released last year, only resolved the issue for ASP fTPM? Don't know, all very confusing, so yeah, like i said, it's a tough read!

 

[das_stig]

TPM2 is a must for security, seems to have more holes and updates than TPM1.2 had?

 

[TechNomad]

TPM: just another attack vector. Best case, all that's been done is to increase platform and OS bloat. Instead of two steps forward and one back, it's more like two steps forward and two back.