Chromebook TPM firmware vulnerability: technical documentation
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update [sites.google.com]
2017-10-11 16:35
A bug in certain Infineon TPM firmware versions makes RSA keys generated by the TPM vulnerable to attack. The currently known exploits are computationally expensive, so TPM-generated RSA keys can’t be broken at large scale, but targeted attacks are possible. To summarize: there is a practical attack against TPM-generated RSA keys, but it doesn’t allow large-scale exploitation of Chrome OS devices.
Installing the TPM firmware update requires a hardware reset of the TPM chip, which discards all data held by the TPM. This includes disk encryption keys, so all user data stored locally on the device will be lost. You therefore need to carefully back up any important data before you install the update.
source: green