Last Modified:
I recently (April 2022) bought a TPM module to fit my Gigabyte B550 Aorus Pro AC motherboard running Win11. While the AMD Ryzen 5 5600G processor includes fTPM I arbitrarily decided to switch to a hardware TPM. As a certified cheapskate, I ordered a 12 pin TPM module to fit my Gigabyte board from China. Delivered cost was $7.75; it took 5 weeks to arrive. The eBay vendor's ad for the TPM module included the pinout of the module and this matched the TPM pinout in my Gigabyte manual so it was clear which module to order.
The fTPM was disabled and the TPM hardware module enabled in the UEFI without difficulty. Per the picture at right, the Infineon firmware in the module was the original from 2013 which has an issue that makes it less secure than intended. The firmware was updated in 2016 to fix this problem but apparently old chips are still being used; firmware version 5.0 needs to be updated to version 5.6x.
Infineon's site doesn't seem to have information on how to update the TPM firmware on their chips, at least I couldn't find it. Infineon expects the manufacturers to provide update procedures for Infineon chips included in their systems. Indeed, large manufacturers seem to do just that. But Gigabyte doesn't provide this capability. So I poked around on the net to find information that would allow me to update my TPM chip. I found a German site, Schenker, which has a scheme to update Infineon 1.2 or 2.0 firmware on Windows systems. I downloaded their ZIP file and used Google to translate their documentation to English.
Something was apparently lost in the translation because Schenker's update using BAT files didn't work for me. But, in looking at the files supplied by Schenker and the instructions for use of Infineon's TPMFactoryUpd program it looked like the key ingredients were there. That is, the Infineon instructions are for Linux but Schenker had made the tools to work with Windows.
I had previously found the Silvenga blog but couldn't figure out how to download the required files, which I now had gotten from Schenker. So, I used the approach shown at Silvenga and the data from Schenker to put together an approach to updating the Infineon firmware using PowerShell to control things. I'm not a PowerShell expert so I made notes outlining my plan and included the PowerShell commands which would be used. It's a simple approach so only 6 PowerShell commands were needed. Unfortunately, you must boot into UEFI at two points to disable/enable the TPM which is a minor complication that varies based on the mobo and UEFI so it isn't detailed in my notes.
To execute my plan I ran PowerShell as administrator on the left side of my screen and opened my notes in Notepad on the right side of my screen. I then followed the plan by copying each of the PowerShell commands from the notes and pasting them into PowerShell. There are a total of 6 PowerShell commands but after the first two you must re-boot into UEFI and disable the TPM module, then start Win11 and arrange things on the screen again before executing the remaining part of the plan. Overall it takes about 5 minutes total. My result after updating the firmware is seen in the picture at right.
The firmware version of the update BIN file must exactly match the firmware programmed into the chip or it can't be updated by this method. There are more BIN files at the PremaMod site in Maintenance; read the Disclaimer, it has the password needed to unzip the files.
If you have a comment on this site or its contents, click here, scroll down and click again.
