2022/05/30
Getac Technology Corporation Statement on Trusted Platform Module Firmware Security Update Notice:Getac Technology Corporation (“Getac”) continues to work on qualifying and applying the fixes provided by Nuvoton Technology Corporation (“Nuvoton”) to supported Getac systems. Please refer to the table below to identify fixes for your systems. Release Date: 1st Apr, 2022Last Updated: 30 May, 2022 Summary: Nuvoton has informed Getac of a potential vulnerability that an attacker with physical access to Nuvoton Trusted Platform Module (“TPM”) NPCT75x (7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography private key via a side-channel attack against ECDSA because of an Observable Timing Discrepancy. (link)CVEID: CVE-2020-25082 Getac Affected Products and Recommendations:1. For certain products currently being manufactured or already in the field, Getac will also release solutions for the update. Please check the affected products in the table below. 2. The latest version solution is backwards-compatible with the previous version.Getac Affected Products and Solution Product NameCPU GenerationTPM FW VersionRelease DateSolution LinkA14010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035B3008th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035B36010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035F1108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035F11011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035K1208th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035K12011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035S4108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035S41011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035UX108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035UX1010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035V1108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035V11010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035RX107th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 * Please note that the schedule above is subject to change due to test status. Getac Disclaimer:All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property. All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
