BitLocker Tpm+PIN+ USB and Recovery Password tests for NON ARM devices

  • Article

This manual test determines whether PCR [0, 2, 4, 11] are consistent across reboots. This test also tests whether PCRs change between booting with an USB and docking station plugged in, and booting without these devices

Test details

Associated requirements

System.Fundamentals.TPM.CS.ConnectedStandby System.Fundamentals.TPM.NonCS.NonConnectedStandby System.Fundamentals.TPM20.TPM20 System.Fundamentals.TrustedPlatformModule.TPMEnablesFullUseThroughSystemFirmware System.Fundamentals.TrustedPlatformModule.TPMRequirements

See the system hardware requirements.

Platforms

Windows 8 (x64) Windows 8 (x86) Windows Server 2012 (x64) Windows 8.1 x64 Windows 8.1 x86 Windows Server 2012 R2

Expected run time

~15 minutes

Categories

Certification Functional

Type

Manual

 

Running the test

Before you run the test, complete the test setup as described in the test requirements: WDTF System Fundamentals Testing Prerequisites.

Secure boot should be enabled if it is supported by the platform.

This test prompts you to remove USB and docking station and later prompts you to insert these devices. This test adds a TPM+PIN protector on the operating system volume. The PIN is hardcoded to four zeroes. After the protector is added, this PIN is required to boot the system. You will be prompted to take note of this before each restart.

Troubleshooting

For troubleshooting information, see Troubleshooting System Fundamentals Testing.

If this test fails, review the test log from Windows Hardware Certification Kit (Windows HCK) Studio.

  1. Make sure you can see fveapi.dll in %systemroot%\system32\.

  2. Check test output directly from command prompt when the test runs or open te.wtl in the HCK Manager.

  3. If a test script fails, check the BitLocker status:

    • Manage-bde –status [volume]

  4. Collect BitLocker event logs from event viewer at two locations:

    • Filter \Windows logs\System logs by event sources started with BitLocker

    • Applications and Services Logs\Microsoft\Windows\BitLocker-API\Management

  5. Run **tpm.msc ** to ensure that the TPM Status is ON and that ownership has been taken.

  6. Check TCG logs

    • Collect TCG log (*.txt).

    • Compare multiple copies of the TCG log and see whether PCR [0, 2, 4, 11] are consistent across reboot and hibernate.

Note  

If the BitLocker WHCK test results in a recovery event, the BitLocker recovery key is 48-zeros (0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000-0000).

 

 

 

Send comments about this topic to Microsoft