Solved: Re: How important are TPM updates? - HP Support Community

chaloots · ‎03-14-2020

I did a little poking around in Windows Security after having it detect and remove a nasty. In Device security I clicked on Security processor, where TPM specs are displayed. This 800 G2 Desktop Mini is spec version 1.2. An internet search revealed that there was a more current version. I considered using Device Manager to initiate an update but remembered reading too many horror stories of going that route for non-Microsoft drivers/updates. An internet search landed me on infineon.com's site, which in turn led me to the current, appropriate HP page, where version 2 lives.

Downloaded but not yet installed, as I'm a bit confused as to how best to proceed. One would presume with the https://support.hp.com/us-en/document/c05792935 page labeled boldly, "Security Update" - and the notice the information in this security bulletin should be acted upon as soon as possible that this update was of some significance, but curiously there had been no warnings or alerts of any kind, from any entity, and I'm not one to ignore a security alert from a trusted source. I then fired up HP Support Assistant to check there and see what it advised; there was no mention of it there, at all, anywhere.

And then there's there's the fact that the status of my TPM is listed in Windows Security>Security Processor as "Attestation Not supported". What's that supposed to mean, I wonder?

I'm currently of the perception that I should go ahead and install sp87753. But I also can't shake the feeling that there should have been *some* kind of signal or warning from *somewhere* to bring this to my attention, rather than me having to discover it for myself. What I'd also like to know is whether it's required to clear TPM prior to an update.

We don't see things as they are, we see them as we are.
- Anaïs Nin

Paul_Tikkanen · ‎03-14-2020

The HPSA would not be able to determine how the PC is being used and the particular update being referenced in the security bulletin would not take up any disk space. I think that goes right into the firmware, like the BIOS update does.

Things you don't need if they are installed, would be the HP client security manager software, and its plug ins.

Anytime I received a PC with the security software on it, that was the first thing I uninstalled.

That is why I pretty much ignore any security/firmware updates.

I have seen posts where folks have attempted to update the Intel management engine interface firmware, and trashed their PC's.

If you are just using your G2 mini to surf the web, watch videos, word documents, spreadsheets and whatnot, you don't need to be messing with any hardware security updates.

If you see a BIOS update, read the release notes first and make sure they address an issue you are having with the PC, or provide some enhancement you would want to use.

If in doubt whether or not you should install a particular update, post on the forum like you did today, or pass it by.

View solution in original post

Paul_Tikkanen · ‎03-14-2020

Hi:

I registered my PC's with HP and periodically receive security bulletins such as what you found.

I agree that would be the file you would use to update the TPM 1.2 hardware.

My HP Stream Pro G4 with the TPM 2.0 is included on that list.

I did not do the update. I have a newer BIOS revision than the one listed for my PC in the security bulletin, so apparently my BIOS already has the update.

I also think that the security concerns would be if you use Bitlocker which needs the TPM. I don't use Bitlocker.

I'm not too keen on updating firmware or BIOS' unless there is something that fixes a problem that I am having with my PC.

There is the outside chance that running the update could wreck the PC, so I tend to shy away from such things.

I have never had a virus issue on any of my PC's.

Maybe if I did, I would not be as circumspect as to not do BIOS or firmware updates.

I did a search of the forum regarding TPM updates, and don't see any horror stories.

https://h30434.www3.hp.com/t5/forums/searchpage/tab/message?q=TPM%20update&collapse_discussion=true

chaloots · ‎03-14-2020

I'm in agreement with you that this is not going to be a priority and for similar reasons, Paul. If there hadn't been any bells and whistles before now to do anything the appropriate conclusion would be to just leave it on simmer. Now, I could be wrong (and I hope I'm not) but I guess it wasn't all that important after all.

We don't see things as they are, we see them as we are.
- Anaïs Nin

Paul_Tikkanen · ‎03-14-2020

Your update seems to be some kind of separate TPM update, where the one for my notebook was rolled into a BIOS update.

You can read the actual info on the file you need at the link below...

ftp://ftp.hp.com/pub/softpaq/sp87501-88000/sp87753.html

And if you look at the fix, it appears to only pertain to W7 and not even for your specific model PC.

FIXES:
- Fixes an issue on a Thin Client system running Windows 7 Embedded operating system where the system does not detect the correct status of BitLocker.

chaloots · ‎03-14-2020

This whole, entire TPM experience has been as clear as mud. How would the average user be able to determine whether or not to pull the trigger on this?

thanks again, Paul

We don't see things as they are, we see them as we are.
- Anaïs Nin

Paul_Tikkanen · ‎03-14-2020

You're very welcome.

The average user wouldn't normally be in a position to know what to do.

The same can be said for the occasional Intel Management Engine Firmware updates.

Those kind of updates are usually only important for the business world, who hopefully have a trained IT staff to implement them.

I have only owned HP business-class desktop and notebook PC's, and don't need or use the enterprise security features they offer.

I like them because the PC's/notebooks are made better than the consumer class models, and for me they seem to last forever.

chaloots · ‎03-14-2020

As the owner of a refurbed HP business class machine I too have had mixed thoughts about installing added software merely on the recommendation of HP Support Assistant. I mean, how could it possibly determine that I'm not enterprise?

Now you've got me wondering just how many installed HP/Intel business-class apps I've got and what HDD space they've been occupying.

We don't see things as they are, we see them as we are.
- Anaïs Nin

Paul_Tikkanen · ‎03-14-2020