none
When DB has added in non-Microsoft CA, which is causing the WHCK test items "TPM Verify Existence for Connected Standby Test” and " Bitlocker Tpm and Recovery password tests with PCR[7]" always get failed RRS feed

  • Question

  • The following is our test case and test results:

    Test case#1: Use CA built-in BIOS, when only Microsoft CA in DB, and then the two WHCK TPM items test are passed.

            PK:   OEM PK

            KEK: MSFT_KEK_CA.cer

            DB:  db_MSFTproductionWindowsSigningCA2011.cer, MSFT_UEFI_db.cer

            DBX: Phoenix default settings

    Test case#2: Use CA built-in BIOS, when there are Microsoft CA and OEM CA in DB, and then the two WHCK TPM items test always get fail. Log is as the attached image

            PK:   OEM PK

            KEK: MSFT_KEK_CA.cer

            DB:  db_MSFTproductionWindowsSigningCA2011.cer, MSFT_UEFI_db.cer + OEM_DB.cer

            DBX: Phoenix default settings

    Test log for TPM Verify Existence for Connected Standby Test

    Test log for Bitlocer TPM and Recovery password tests with PCR[7]

    Test case#3. Use CA built-in BIOS, when there are Microsoft CA and Phoenix CA in DB, and then the two WHCK TPM items test get failed. Log is same as above.

            PK:   OEM PK

            KEK: MSFT_KEK_CA.cer

            DB:  db_MSFTproductionWindowsSigningCA2011.cer, MSFT_UEFI_db.cer + Phoenix_DB.cer

            DBX: Phoenix default settings


    • Edited by Anny Huang Monday, October 29, 2012 5:08 AM
    Wednesday, October 24, 2012 2:53 AM