Nuvoton TPM 2.0 ECDSA Vulnerability - Lenovo Support NL

**Lenovo Security Advisory:**LEN-45349

**Potential Impact:**Information disclosure

**Severity:**Medium

**Scope of Impact:**Industry-wide

**CVE Identifier:**CVE-2020-25082

Summary Description:

Nuvoton has reported a potential vulnerability where an attacker with physical access to the Nuvoton Trusted Platform Module (TPM) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel timing attack applied on ECDSA.

Systems using Bitlocker Drive Encryption are not affected by this issue as Bitlocker does not utilize the ECDSA algorithm.

Mitigation Strategy for Customers (what you should do to protect yourself):

Nuvoton recommends updating your firmware to the latest version (or newer) indicated for your model in the Product Impact section below.

NOTE: Some systems require multiple steps to update the TPM firmware. Additional guidance is provided in the Product Impact section below.