Updating the TPM firmware
This section presents the steps involved in updating the firmware on TPM models 9672 and 9665.
Some of the images below show BIOS on SN-S-Series model firewalls. As such, the display may vary depending on the model used, but the process remains the same.
Connecting to the SNS firewall
- Shut down the SNS firewall, then unplug its electrical power cord (or both cords, if it has redundant power supply modules).
- Insert the USB drive that was prepared earlier into a USB port on the SNS firewall.
- Connect the computer to the SNS firewall using an appropriate cable, and log in with your terminal emulator in console mode;
  - or -
  Connect a USB keyboard and a monitor to the SNS firewall using an appropriate cable.
Disabling the TPM and Secure Boot
- Plug the power cord(s) into the SNS firewall and start it up.
- Once the SNS firewall starts up, press [Del] several times to stop its startup sequence, and access BIOS.
  If the startup sequence is not stopped quickly enough, the SNS firewall will start up on the USB drive, and the update process will fail. You will then need to restart the SNS firewall and stop its startup sequence at the right moment.
- In the Advanced tab, select Trusted Computing and press [Enter].
- Disable the Security Device Support setting by selecting Disable.
- Press [Esc] to go back to the previous window.
- In the Security tab, select Secure Boot and press [Enter].
- Disable the Secure Boot setting by selecting Disable. If this status was already selected, this means that Secure Boot has already been disabled.
- Press [Esc] to go back to the previous window.
- In the Save & Exit tab, select Save Changes and Reset and press [Enter].
- In the Save & Reset window, select Yes and press [Enter].
Updating the TPM firmware
IMPORTANT
The update process is automatic and lasts around five minutes. Once the process has started, it must never be interrupted, and the SNS firewall must not be disconnected from the power supply. If this occurs, the TPM will become completely inoperable.
- The SNS firewall will start up on the USB drive, and the update process begins.
- Wait several moments.
- Once the update is complete, run this command to stop the SNS firewall:
    reset -s
  Do not remove the USB drive.
- Unplug the power cord(s) from the SNS firewall.
- Wait 10 seconds.
- Plug the power cord(s) into the SNS firewall and start it up.
  The update script will run automatically, with a message indicating that the TPM firmware is up to date.
  NOTE
  If the console remains frozen after the SNS firewall starts up, quit the session on the terminal emulator, and open a new one until the display is restored.
- Check the version that appears next to the TPM firmware version field:
  - On TPM 9672: the version should be 16.24.19084.0,
  - On TPM 9665: the version should be 5.66.19374.2.
Enabling the TPM and Secure Boot after the update is complete
- Run this command to restart the SNS firewall:
    reset
  Remove the USB drive.
- Once the SNS firewall starts up, press [Del] several times to stop its startup sequence, and access BIOS.
- In the Advanced tab, select Trusted Computing and press [Enter].
- Enable the Security Device Support setting by selecting Enable.
- Press [Esc] to go back to the previous window.
- In the Security tab, select Secure Boot and press [Enter].
  NOTE
  As of SNS version 4.8.7, Secure Boot monitors the integrity of the UEFI binaries in the boot sequence of the SNS firewall. You are therefore strongly advised to enable this feature to guarantee the integrity of the sequence.
- Enable the Secure Boot setting by selecting Enable.
  If an Install factory defaults window appears, select No and press [Enter]. Otherwise, the TPM (Security Device Support setting) will remain disabled.
- Press [Esc] to go back to the previous window.
- In the Save & Exit tab, select Save Changes and Reset and press [Enter].
- In the Save & Reset window, select Yes and press [Enter].