BitLocker Tpm And Recovery Password tests for AOAC devices with PCR[7]

All platforms that implement a TPM must ensure invariance of PCRs 7, 11 across power cycles in the absence of changes to the platform's static core root of trust for measurements (SRTM). Attaching a (non-bootable) USB to the platform or attaching the platform to a docking station should not cause changes to the SRTM.

Note

   This test restarts the system multiple times to check whether PCRs are consistent.

 

Test details

Specifications	System.Fundamentals.TPM.CS.ConnectedStandby Device.DevFund.Firmware.UpdateDriverPackage
Platforms	Windows 10, client editions (x86) Windows 10, client editions (x64) Windows 10, client editions (Arm64)
Supported Releases	Windows 10 Windows 10, version 1511 Windows 10, version 1607 Windows 10, version 1703 Windows 10, version 1709 Windows 10, version 1803 Windows 10, version 1809 Windows 10, version 1903 Next update to Windows 10
Expected run time (in minutes)	15
Category	Scenario
Timeout (in minutes)	900
Requires reboot	false
Requires special configuration	false
Type	automatic

 

Additional documentation

Tests in this feature area might have additional documentation, including prerequisites, setup, and troubleshooting information, that can be found in the following topic(s):

• Device.DevFund additional documentation
• System.Fundamentals additional documentation

Running the test

Before you run the test, complete the test setup as described in the test requirements: WDTF System Fundamentals Testing Prerequisites. Also, check that TPM is on and ready for use by running tpm.msc (the Trusted Platform Module (TPM) Management snap-in). Secure boot should be enabled.

Troubleshooting

For generic troubleshooting of HLK test failures, see Troubleshooting Windows HLK Test Failures.

For troubleshooting information, see Troubleshooting System Fundamentals Testing.

If this test fails, review the test log from Windows Hardware Lab Kit (Windows HLK) Studio.

1. Make sure you can see fveapi.dll in %systemroot%\system32\.

2. Check test output directly from command prompt when the test runs or open te.wtl in the HLK Manager.

3. If a test script fails, check the BitLocker status:

   • Manage-bde -status [volume]

4. Collect BitLocker event logs from event viewer at two locations:

   • Filter \Windows logs\System logs by event sources started with BitLocker

   • Applications and Services Logs\Microsoft\Windows\BitLocker-API\Management

5. Run **tpm.msc ** to ensure that the TPM Status is ON and that ownership has been taken.

6. Check TCG logs

   • Collect TCG log (*.txt).

   • Compare multiple copies of the TCG log and see whether PCR [0, 2, 4, 11] are consistent across reboot and hibernate.

Note

   If the BitLocker WHLK test results in a recovery event, the BitLocker recovery key is 48-zeros (0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000).