UEFI Tpr Test
This test validates the UEFI implementation of the TPR command. eDrives unlocked by the operating system will remain unlocked on system crashes causing a security vulnerability for all such drives as the operating system cannot lock the drive on the crash. UEFI systems must issue a TPR command to each eDrive on the system to ensure that the drive is locked before booting into an operating system.
For example, this test creates a band on all eDrives and sets the state of that band to temporarily unlocked before invoking a system crash. Upon restart, the test runs again and checks the state of the band to ensure that it is locked.
Test details
Associated requirements |
System.Fundamentals.Firmware.TPR.UEFIEncryptedHDD |
Platforms |
Windows RT (ARM-based) Windows 8 (x64) Windows 8 (x86) Windows Server 2012 (x64) Windows RT 8.1 Windows 8.1 x64 Windows 8.1 x86 Windows Server 2012 R2 |
Expected run time |
~20 minutes |
Categories |
Certification Functional |
Type |
Automated |
Running the test
Before you run the test, complete the test setup as described in the test requirements: WDTF System Fundamentals Testing Prerequisites.
This test is a system test and as such runs against all systems and not specific drives in the device testing. All systems with UEFI and an eDrive attached will see this test in list of tests to run. A UEFI system with more than one eDrive will be checked for compliance.
The test will configure the system before causing a manually initiated bug check and finally validating the state of the drive after the system has rebooted. This means that seeing a manually initiated stop error is expected.
Troubleshooting
For additional troubleshooting information, see Troubleshooting System Fundamentals Testing.
The test needs to create a new band on the eDrive for testing, which requires that there is free space available to create the partition and band. If the eDrive already has volumes on it, the test will attempt to shrink a volume and use the free space to do the testing. If an error is encountered when trying to prepare the drive before the manually initiated crash, the following steps can be taken:
This error may be seen in the test logs as a VDS failure.
Manually remove all volumes from data drives by performing diskpart clean on the disk.
If the disk contains the boot volume, shrink volumes to create at least 100 MB of free space on boot volumes before running the test. This can be accomplished by using Disk Management.
More information
The test is a system test and does all of its own device enumeration. The job first installs the bugcheck driver which allows the user-mode test application to force a system crash. During phase 1 of the test, the system is checked to ensure it is a UEFI system and has at least one eDrive connected. If the system does not meet these criteria the test is skipped and appears as a pass in the HCK studio and manager. For each eDrive enumerated on the system, a new 100MB band is created. If the drive already contains partitions such that there is not 100MB of free space, VDS is invoked to shrink the largest partition to create room for a new band. This means that the partitions on the drive must have been created in Windows and are not managed by a 3rd party TCG solution. Each of the new bands is set to the Temporary Unlock state before invoking the crashdump driver to cause a manually initiated system crash. When the system reboots the second part of the test runs to check that each of the bands is locked. Any unlocked bands cause the test to fail. The test bands are removed and the partitions extended if they were previously shrunk. Finally, the crashdump driver is removed from the system.
Command usage
| Command | Description |
|---|---|
UefiTprTest.exe phase1 |
Run phase 1 of the test to prepare the drives before crashing the system. |
UefiTprTest.exe phase2 |
Run phase 2 of the test to check the state of the drives after the reboot. |
Command syntax
| Command option | Description |
|---|---|
UefiTprTest.exe |
The command-line options for the test are listed below. |
Phase1 |
Phase 1 prepares the drives for testing. This is needed to get the drives in the state they are needed before crashing the system. |
Phase2 |
Phase 2 does the validation of the drives and their state after crashing the system. |
Note
For command line help for this test binary, type /?.
File list
File |
Location |
bugcheck.sys |
<[testbinroot]>\nttest\driverstest\storage\wdk\ |
common.js |
<[testbinroot]>\NTTEST\driverstest\storage\crashdump\scripts\ |
Crash.wsf |
<[testbinroot]>\NTTEST\driverstest\storage\crashdump\scripts\ |
bugcheckdrvctrl.dll |
<[testbinroot]>\nttest\driverstest\storage\wdk\crashtest\ |
bugcheckdrvctrl.tlb |
<[testbinroot]>\nttest\driverstest\storage\wdk\crashtest\ |
UefiTprTest.exe |
<[testbinroot]>\nttest\driverstest\storage\wdk\ |