ESET FDE got error after updating Windows Update KB5026361

[ryanxcii 0]

Hi,

After we updated Windows Update KB5026361 for Windows 10, Most of devices got the message error:

• "A TPM Mode was in use but the TPM failed to initialize correctly. You will need to decrypt this system."

Workaround:

- Decrypt devices by using the encryption recovery tool

 However, after decoding successfully, the system still cannot boot inside OS and seem EFI bootloader got an issue.

May I know why the issue happens and how I can avoid the issue in the future?

Thank you.

[AAndrejko 9]

Hello,

I am sorry to hear you've had issues with our software after updating Windows.

We aren't aware of any issues with updating Windows 10 at this time that causes this issue. It seems like the TPM has been reset or is unable to properly boot in time for our bootloader to use it. I will attempt to update a test system with the Windows update now to see if I can replicate the issue although we are updating test devices daily with the latest Windows updates.

I understand you've gained access to the systems now after the failure, is that correct?

[AAndrejko 9]

Just a follow up, I've updated a test device with the update you've stated but I've not been able to reproduce the issue you've described. 

I would suggest you look at other updates that have been applied at this time. Historically I've seen a few whereby firmware updates have caused the TPM to reset, however you've stated most of your devices. Are these devices all the same, perhaps there's a firmware update causing this which has recently been rolled out?

[ryanxcii 0]

Hi AAndrejko,

I've checked and devices are the same model, it's HP devices. Other models like Dell still working well. 

Below is the log of Windows Update

2023/05/16 13:26:28.4539914 1088  16568 ComApi          Deserialized installable update 2023-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5026361), UpdateID = {0D469809-72D2-412A-83A3-29B9175A8469.200}, CallbackInfo cookie length = 1554
2023/05/16 13:26:28.4540202 1088  16568 ComApi          Reload successful, UpdateID =  0D469809-72D2-412A-83A3-29B9175A8469.200, CallbackInfo cookie length = 1554, Current deployment action = 1, New deployment action = 1
2023/05/16 13:26:28.6219588 1088  16568 ComApi          Serializing CUpdate 0D469809-72D2-412A-83A3-29B9175A8469.200
2023/05/16 13:26:28.6225811 1088  16568 ComApi          Update serialization complete. BSTR byte length = 35770, CallbackInfo cookie length = 1554
2023/05/16 13:27:49.5937334 5172  15284 Shared          UninitializeSUS
2023/05/16 13:27:49.5937476 5172  15284 Misc            CSusClientGlobal::DoServicePreShutdown
2023/05/16 13:27:49.5937531 5172  15284 IdleTimer       Idle timer disabled in preparation for service shutdown
2023/05/16 13:29:41.5090293 3692  4124  Agent           Windows Update access disabled: No
2023/05/16 13:29:41.5090302 3692  4124  Agent           Do not connect to Windows Update Internet locations: Yes
2023/05/16 13:29:41.5142288 3692  4124  Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2023-05-17 01:15:50, not idle-only, not network-only
2023/05/16 13:29:41.6564561 3692  4124  Agent           Initializing Windows Update Agent
2023/05/16 13:29:41.6580579 3692  4124  DownloadManager Download manager restoring 0 downloads
2023/05/16 13:29:41.6664095 3692  4124  Agent           CPersistentTimeoutScheduler | GetTimer, returned hr = 0x00000000
2023/05/16 13:29:41.6715712 3692  4124  Agent           Attempt 1 to obtain post-reboot results for event with cookie 31033034_3387397330.

And System event log

Seem TPM got error during updating Windows Update.

I checked TPM from BIOS and it still has been enabled after the issue happened.

I also checked the release note of KB5026361 but there are no related TPM.

I wonder if there is any other reason for TPM to fail?

 

 

[AAndrejko 9]

If the TPM errors are occurring whilst Windows was installing the update then I would suggest updating the TPM firmware if possible or contacting HP before updating any other HP devices using our software. 

It may be possible the Windows update isn't compatible with the systems TPM firmware or 3rd party software has caused this issue resulting in the TPM not behaving as expected. Unfortunately our software cannot control what other software or firmware does with the TPM so in this case another party I believe is the cause.

[itman 1,659]

Microsoft has an article on how to update your TPM firmware: https://support.microsoft.com/en-us/windows/update-your-security-processor-tpm-firmware-94205cbc-a492-8d79-cc55-1ecd6b0a8022 on Win 10.

[ryanxcii 0]

Thank you for suggestions, I will try to update the TPM firmware.