TPM Firmware Update Utility

ThinkPads which use the Infineon TPM chip have a firmware update available which addresses the weak RSA key generation issue (read more here).  This update is executed by TpmUpdt64.exe (or TpmUpdt.exe on 32-bit OS).  The following details about this utility may be useful if you are implementing this update through SCCM or some other software distribution solution.

Command line options:
               "  -s        ... Silent mode\n"
               "  -r        ... Reboot after program completed\n"
               "  -sp       ... Skip power status check\n"
               "  -chk      ... Check current TPM firmware\n"
               "  -suc password ... Skip user confirmation at startup\n\n"
               " Note: -suc option requires supervisor password.\n"

Return code:
RET_SUCC_REBOOTING               0     // Success (will reboot system)
RET_SUCC_NOTREBOOTING            1     // Success (no reboot)
RET_SUCC_NEED_TO_UPDATE_TPMFW    2     // It is required to update the TPM firwmare on this system. (-chk option)
RET_SUCC_NO_NEED_TO_UPDATE_TPMFW 3     // It is no need to update the TPM firmware on this system. (-chk option)

RET_UNDEFINED                    -1
RET_FAIL_UNSUPPORTEDSYSTEM       -2     // The process does not recognize this system.
RET_FAIL_NEEDADMINRIGHTS         -3     // You need to be logged on as Administrator in order to be able to run this utility.
RET_FAIL_INVALID_BIOS            -4     // Current BIOS does not support the TPM firmware update. You have to update BIOS to the latest version.
RET_FAIL_UNSUPPORTED_TPM         -5     // Unsupported TPM found.
RET_FAIL_INVALID_TPM_CONFIG      -6     // TPM is disabled in BIOS setup.
RET_FAIL_LOAD_TPMFW_IMAGE        -7     // Failed to load TPM firmware image file.
RET_FAIL_INVALID_TPMFW_IMAGE     -8     // TPM firmware image file is invalid.
RET_FAIL_TPMFW_UPDATE_EXPIRED    -9     // TPM firmware updated too many times.
RET_FAIL_UNSUPPORTED_TPMFW       -10    // Unsupported TPM firmware found on this system.
RET_FAIL_EXCEED_PASSWORD_RETRY   -11    // Password failed too many times.
RET_FAIL_PASSWORD_INCORRECT      -12    // Correct supervisor password is required for /SUC option.
RET_FAIL_NEEDPOWER               -13    // This process requires a charged battery to avoid an accidental power-off during an update.