TPM Update For Chrome OS: Why And How

Image Credit: Infineon (illustrative purposes only)

For many of you who are like us, you’re constantly tinkering with your Chrome OS devices, moving channels and changing Chromebooks more frequently than you do the oil in your car. Likely, you Powerwash your machine regularly if not out of habit, perhaps out of necessity.

For you, this article may have little application. However, for the consumer masses, you may or may not be familiar with Powerwashing or what it does and why you should do it. Moreover, even fewer of you might know about a little piece of hardware in your Chromebook known as the TPM that serves a very great purpose and you don’t even know it’s there.

TPM or Trusted Platform Module is a security chip found in most modern laptops and desktops regardless your operating system. TPMs are built to comply with the industry standard set in place and maintained by the Trusted Computing Group over a decade ago.

What does it do?

TPMs perform a variety of functions and breaking down the details would take a series of articles and you probably don’t want me to waste hours of your day in an attempt to explain something I have a limited grasp of myself.

Long story short, the Trusted Platform Module is a gatekeeper, of sorts. Only in not only holds the security keys to various aspects of your device, it also creates said keys and decides who does and does not get access to those keys.

The firmware for your TPM is maintained separately from the operating system allowing for a deeper level of security and segregation of the encrypted data the module holds.

Recently, the Chromium developers have released a firmware update for the vast majority of Chromebooks on the market that includes a security patch for a bug that leaves the private keys housed in the TPM vulnerable to attack.

The fix is quick and will only take a few minutes to update but it will require a Powerwash of your Chromebook which means you will lose all local data on the device. Before you take that leap, let’s take a look at how to check your TPM’s firmware and see if it is up to date.

In your URL bar (omnibox), type chrome://system and wait for the page to load.)(it will take a few seconds for all of the data to populate)

You’ll be greeted with lines and lines of information on your specific device. You can navigate to the date you’re looking for by hitting Ctrl + F and typing “TPM” in the search box. The second result should be TPM Version. Click expand and take a look.

Below are the outdated firmware versions. If you have one of these versions listed, you will need to move on to the next steps to get the latest update.

  • 000000000000041f – 4.31
  • 0000000000000420 – 4.32
  • 0000000000000628 – 6.40
  • 0000000000008520 – 133.32

The latest firmware versions are in the following list. If you have one of these, you’re good to go and your TPM is secure. Carry on with your day.

  • 0000000000000422 – 4.34
  • 000000000000062b – 6.43
  • 0000000000008521 – 133.33


If you are in need of an update, here’s how you go about it.

First, make sure you back up any data from the local drives that you do not want to lose. You can do this in various ways. Personally, I usually just create a folder on Google Drive and drag everything I want to keep into that folder for quick access once I’m up and running again. Alternatively, you could use a flash drive or any number of storage services like DropBox, One Drive, Mega etc.

If you want to make sure all of your settings, bookmarks and what-not all return, point your browser to chrome://settings/syncSetup and select which items you want to sync when you sign back into your device.

Ok, now you’re ready to Powerwash your Chromebook. Head to the settings menu via the gear icon in your system tray or by going to chrome://settings. Scroll to the bottom of the page and click “advanced.” Scroll to the bottom of that page and select “Powerwash.”

At the Powerwash screen, you should see a checkbox that says “Update firmware for added security.” Make sure that box is checked and proceed with the Powerwash.

In just a few moments your Chromebook will restart and prompt you to start anew at the login screen. You now have the latest security updates for your TPM and you can sleep a little better tonight knowing all the private little bits are safe.

For a complete list of devices affected, check out the Chromium Developers documentation here.

Shop Chromebooks On Amazon



*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://chromeunboxed.com/news/tpm-update-chrome-os-how-to-chromebook#new_tab