HP.PlatformCertificate.Validation.PowerShell.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-HPPlatformCertificateData</command:name> <command:verb>Get</command:verb> <command:noun>HPPlatformCertificateData</command:noun> <maml:description> <maml:para>Retrieves the contents of an X.509 Platform Certificate</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This command retrieves the contents of an X.509 Platform Certificate according to the TCG Platform Certificate Profile, version 1.1 Revision 19. The output is an object convertible to JSON.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-HPPlatformCertificateData</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate</maml:name> <maml:description> <maml:para>Specifies the path to either a platform certificate file, a directory containing platform certificates, or a zip file containing platform certificates that are stored offline either locally in the PC or in a shared location. If the platform certificate belongs to the PC, the tool installs the platform certificate on the local PC in both the EFI System Partition and the UEFI variable. 
When providing a folder or a zip file, the tool will search for the certificate file named in the following format: HPInc.&lt;serial number&gt;.BASE.cer</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> <maml:description> <maml:para>If specified, this command uses the Platform Certificate that is stored locally in the PC. The default locations for the certificate are the EFI System Partition /boot/tcg/cert/platform/ or \efi\tcg\cert\platform and UEFI Variable HpPlatformCertificateBase GUID {B44ED025-A047-4312-9E62-A1C3ACC8684D}</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate</maml:name> <maml:description> <maml:para>Specifies the path to either a platform certificate file, a directory containing platform certificates, or a zip file containing platform certificates that are stored offline either locally in the PC or in a shared location. If the platform certificate belongs to the PC, the tool installs the platform certificate on the local PC in both the EFI System Partition and the UEFI variable. 
When providing a folder or a zip file, the tool will search for the certificate file named in the following format: HPInc.&lt;serial number&gt;.BASE.cer</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> <maml:description> <maml:para>If specified, this command uses the Platform Certificate that is stored locally in the PC. The default locations for the certificate are the EFI System Partition /boot/tcg/cert/platform/ or \efi\tcg\cert\platform and UEFI Variable HpPlatformCertificateBase GUID {B44ED025-A047-4312-9E62-A1C3ACC8684D}</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformCertificateData -UseLocalPlatformCertificate</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformCertificateData -PlatformCertificate C:\Users\Tools\Test\HPInc.SCN3315BDN.BASE.cer</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 
--------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformCertificateData -PlatformCertificate C:\Users\Tools\Test\</dev:code> <dev:remarks> <maml:para>Gets platform certificate data from a directory containing platform certificates</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformCertificateData -UseLocalPlatformCertificate | ConvertTo-Json -Depth 8</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformCertificateData -PlatformCertificate C:\Users\Tools\Test\Certificates.zip</dev:code> <dev:remarks> <maml:para>Gets platform certificate data from a zip file containing platform certificates</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-HPPlatformData</command:name> <command:verb>Get</command:verb> <command:noun>HPPlatformData</command:noun> <maml:description> <maml:para>Retrieves the current PC configuration</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Reads the current PC configuration and returns it into an object that matches with the TCG Platform Certificate Profile specification, version 1.1 Revision 19.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-HPPlatformData</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> 
<command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformData</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Get-HPPlatformData | ConvertTo-Json -Depth 8</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Invoke-HPCertificateChainValidation</command:name> <command:verb>Invoke</command:verb> <command:noun>HPCertificateChainValidation</command:noun> <maml:description> <maml:para>Validates HP Platform Certificate trust chains.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet validates the trust chain of an HP Platform Certificate against intermediate and root certificate authorities. It supports both offline and online validation modes:</maml:para> <maml:para>1. Offline mode: The command receives an intermediate CA offline path in the -Ica parameter and validates the trust chain. Intermediate CA certificates need to be downloaded online and stored offline either locally in the PC or in a shared location.</maml:para> <maml:para>2. Online mode: Using the -UseOnlineCertificateChain parameter, the tool will automatically access and download intermediate and root CAs needed to complete trust chain verification without requiring the user to manually download these certificates. 
Additionally, when using the -ValidateRevocation parameter, the tool will perform online revocation checks on all certificates in the chain, including platform certificate, intermediate CA, and root CA, verifying that none of the certificates have been revoked.</maml:para> <maml:para>The ICA location can be retrieved from the certificate by using the Get-HPPlatformCertificateData command.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Invoke-HPCertificateChainValidation</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate &lt;string&gt;</maml:name> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Ica &lt;string&gt;</maml:name> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ValidateRevocation</maml:name> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Invoke-HPCertificateChainValidation</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Ica &lt;string&gt;</maml:name> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ValidateRevocation</maml:name> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Invoke-HPCertificateChainValidation</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" 
aliases="none"> <maml:name>PlatformCertificate &lt;string&gt;</maml:name> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseOnlineCertificateChain</maml:name> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ValidateRevocation</maml:name> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Invoke-HPCertificateChainValidation</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseOnlineCertificateChain</maml:name> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ValidateRevocation</maml:name> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate</maml:name> <maml:description> <maml:para>Specifies the path to a platform certificate file, directory containing platform certificates, or zip file with platform certificates. 
When using a directory or zip file, the tool searches for files named in the format: HPInc.&lt;serial_number&gt;.BASE.cer</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Ica</maml:name> <maml:description> <maml:para>Specifies the path to the Intermediate Certificate Authority (ICA) certificate file for validating the HP Platform Certificate. Required when not using -UseOnlineCertificateChain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> <maml:description> <maml:para>If specified, this command uses the Platform Certificate that is stored locally in the PC. 
The default locations for the certificate are: - EFI System Partition: /boot/tcg/cert/platform/ or \efi\tcg\cert\platform - UEFI Variable: HpPlatformCertificateBase GUID {B44ED025-A047-4312-9E62-A1C3ACC8684D}</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseOnlineCertificateChain</maml:name> <maml:description> <maml:para>If specified, the tool automatically downloads and uses the online certificate chain for validation instead of requiring a local ICA certificate. This enables automatic retrieval of intermediate and root CA certificates.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ValidateRevocation</maml:name> <maml:description> <maml:para>If specified, the tool will perform online revocation checks on all certificates in the chain: - Platform certificate revocation: checks if the serial number of the leaf certificate is present on the ICA's CRL - ICA revocation: checks if the serial number of the ICA is present on the Root's CRL - RootCA revocation: checks if the serial number of the RootCA is present on the Root's CRL</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS 
C:\> Invoke-HPCertificateChainValidation -PlatformCertificate 'C:\Users\Tools\Test\HPInc.00036635D0.BASE.cer' -Ica 'C:\Users\Tools\Test\ica-2024.cer'</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -UseLocalPlatformCertificate -Ica 'C:\Users\Tools\Test\ica-2024.cer'</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate 'C:\Users\Tools\Test\HPInc.00036635D0.BASE.cer' -UseOnlineCertificateChain</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -UseLocalPlatformCertificate -UseOnlineCertificateChain</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate 'C:\Users\Tools\Test\HPInc.00036635D0.BASE.cer' -Ica 'C:\Users\Tools\Test\ica-2024.cer' -ValidateRevocation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 6 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -UseLocalPlatformCertificate -Ica 'C:\Users\Tools\Test\ica-2024.cer' -ValidateRevocation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 7 --------------------------</maml:title> 
<dev:code>PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate 'C:\Users\Tools\Test\HPInc.00036635D0.BASE.cer' -UseOnlineCertificateChain -ValidateRevocation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 8 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -UseLocalPlatformCertificate -UseOnlineCertificateChain -ValidateRevocation</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 9 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate C:\Users\Tools\Test\Certificates.zip -Ica 'C:\Users\Tools\Test\ica-2024.cer'</dev:code> <dev:remarks> <maml:para>Validates certificate chain using a zip file containing platform certificates</maml:para> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 10 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate C:\Users\Tools\Test\ -Ica 'C:\Users\Tools\Test\ica-2024.cer'</dev:code> <dev:remarks> <maml:para>Validates certificate chain using a directory containing platform certificates</maml:para> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Invoke-HPPlatformIntegrityCheck</command:name> <command:verb>Invoke</command:verb> <command:noun>HPPlatformIntegrityCheck</command:noun> <maml:description> <maml:para>Validates PC components against HP 
Platform Certificate.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet verifies that the current PC's components and configuration match the specifications in the HP Platform Certificate.</maml:para> <maml:para>Components and configuration in scope include disk, memory, processor, graphics card, chassis, baseboard, networking, PCIe devices, NVMe devices, BIOS firmware version, feature byte, UUID, and Endpoint Security Controller (EpSC) ID certificate hash included in the PC.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Invoke-HPPlatformIntegrityCheck</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate &lt;string&gt;</maml:name> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoInstallPlatformCertificate</maml:name> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Invoke-HPPlatformIntegrityCheck</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoInstallPlatformCertificate</maml:name> <maml:description> <maml:para>If specified, the command will not save the Platform Certificate passed into the PlatformCertificate parameter locally on the PC.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PlatformCertificate</maml:name> <maml:description> <maml:para>Specifies the path to a platform certificate file, directory containing platform certificates, or zip file with platform certificates. When using a directory or zip file, the tool searches for files named in the format: HPInc.&lt;serial_number&gt;.BASE.cer</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UseLocalPlatformCertificate</maml:name> <maml:description> <maml:para>If specified, this command uses the Platform Certificate that is stored locally in the PC. 
The default locations for the certificate are: - EFI System Partition: /boot/tcg/cert/platform/ or \efi\tcg\cert\platform - UEFI Variable: HpPlatformCertificateBase GUID {B44ED025-A047-4312-9E62-A1C3ACC8684D}</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPPlatformIntegrityCheck -UseLocalPlatformCertificate</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPPlatformIntegrityCheck -PlatformCertificate C:\Users\Tools\Test\HPInc.SCN3315BDN.BASE.cer</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPPlatformIntegrityCheck -PlatformCertificate C:\Users\Tools\Test\HPInc.SCN3315BDN.BASE.cer -NoInstallPlatformCertificate</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 4 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPPlatformIntegrityCheck -PlatformCertificate C:\Users\Tools\Test</dev:code> <dev:remarks> <maml:para>Verifies platform integrity using a directory containing platform certificates</maml:para> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 5 
--------------------------</maml:title> <dev:code>PS C:\> Invoke-HPPlatformIntegrityCheck -PlatformCertificate C:\Users\Tools\Test\Certificates.zip</dev:code> <dev:remarks> <maml:para>Verifies platform integrity using a zip file containing platform certificates</maml:para> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Invoke-HPTPMCredentialValidation</command:name> <command:verb>Invoke</command:verb> <command:noun>HPTPMCredentialValidation</command:noun> <maml:description> <maml:para>Verifies that the TPM on the PC matches the one in the Platform Certificate and verifies the Intermediate CA(s) and Root CA trust chain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This verification process ensures the TPM in the executing PC is authentic and matches the Platform Certificate. It also validates that the collection of root and intermediate certificates that were used to sign the TPM certificates were indeed issued by the TPM vendors. The TPM's certificate used for this evaluation is the TPM EK Certificate found at the register of the TPM.</maml:para> <maml:para>After successful verification, it gives the user confidence in the TPM to attest the validation commands executed by the verification tool.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Invoke-HPTPMCredentialValidation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CabFile</maml:name> <maml:description> <maml:para>Specifies the cab file to use. 
The user needs to download the collection of trusted TPM root and intermediate signing certificates issued by Microsoft and save it offline (e.g., locally or in a shared location). During the integrity verification execution, the tool looks in the cabFile for the intermediate and root certificates that belong to the TPM on the running PC. Then the tool validates intermediate and root certificates trust chain. This option is recommended when the user does not want to manage the TPM certificate chain individually. More information on the Microsoft package and download can be found from this link https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-install-trusted-tpm-root-certificates Path to the cab file is the offline path to the collection of trusted TPM root and intermediate signing certificates issued by Microsoft.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TpmCertificateChain</maml:name> <maml:description> <maml:para>Specifies the whole TPM's certificate chain for the tool to validate. The tool will try to match the TPM's EK certificate with the certificate chain passed as parameter and validate them. Path to TPM's ICA certificate is the offline path of the certificate. User needs to download the intermediate certificate(s) online and save it offline before the tool execution. RootCa is the root CA of the TPM EK certificate. Path to TPM's root certificate is the offline path of the certificate. 
User needs to download the root certificate online and save it offline before the tool execution.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CabFile</maml:name> <maml:description> <maml:para>Specifies the cab file to use. The user needs to download the collection of trusted TPM root and intermediate signing certificates issued by Microsoft and save it offline (e.g., locally or in a shared location). During the integrity verification execution, the tool looks in the cabFile for the intermediate and root certificates that belong to the TPM on the running PC. Then the tool validates intermediate and root certificates trust chain. This option is recommended when the user does not want to manage the TPM certificate chain individually. 
More information on the Microsoft package and download can be found from this link https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-install-trusted-tpm-root-certificates Path to the cab file is the offline path to the collection of trusted TPM root and intermediate signing certificates issued by Microsoft.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TpmCertificateChain</maml:name> <maml:description> <maml:para>Specifies the whole TPM's certificate chain for the tool to validate. The tool will try to match the TPM's EK certificate with the certificate chain passed as parameter and validate them. Path to TPM's ICA certificate is the offline path of the certificate. User needs to download the intermediate certificate(s) online and save it offline before the tool execution. RootCa is the root CA of the TPM EK certificate. Path to TPM's root certificate is the offline path of the certificate. 
User needs to download the root certificate online and save it offline before the tool execution.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPTPMCredentialValidation -CabFile C:\Users\Tools\Test\TrustedTpm.cab</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPTPMCredentialValidation -CabFile TrustedTpm.cab | ConvertTo-Json -Depth 8</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 3 --------------------------</maml:title> <dev:code>PS C:\> Invoke-HPTPMCredentialValidation -TpmCertificateChain ica.cer, rootCa.cer</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> </helpItems> |
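
An added example, not part of HP's help file or module: a review wrapper around the cmdlets documented above. It confirms that a folder or zip holds exactly one file matching the documented `HPInc.<serial number>.BASE.cer` name, validates the chain with revocation, and only then runs the integrity check with `-NoInstallPlatformCertificate` so nothing is written to the EFI System Partition or UEFI variable. The function names, the use of `Win32_BIOS.SerialNumber` as the serial in the file name, and the treatment of cmdlet output as opaque objects (its shape is not documented on this page) are assumptions.

```powershell
#Requires -Version 5.1
# Added example, not HP's code. Find-PlatformCertCandidate, Invoke-PlatformCertReview
# and their parameters are hypothetical; only the Invoke-HP* cmdlets and their
# switches come from the help text.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Find-PlatformCertCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,   # .cer file, directory or .zip
        [Parameter(Mandatory)] [string] $Serial  # assumption: PC serial as used in the file name
    )
    $wanted = 'HPInc.{0}.BASE.cer' -f $Serial
    $item   = Get-Item -LiteralPath $Path -ErrorAction Stop

    if ($item.PSIsContainer) {
        # Recurse so that a second copy in a subfolder is noticed as well.
        $hits = Get-ChildItem -LiteralPath $item.FullName -File -Recurse |
            Where-Object { $_.Name -ieq $wanted } |
            ForEach-Object { $_.FullName }
    }
    elseif ($item.Extension -ieq '.zip') {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($item.FullName)
        try {
            # Entry.Name is the leaf name; FullName keeps the path inside the archive.
            $hits = $zip.Entries |
                Where-Object { $_.Name -ieq $wanted } |
                ForEach-Object { $_.FullName }
        }
        finally { $zip.Dispose() }
    }
    else {
        $hits = if ($item.Name -ieq $wanted) { $item.FullName }
    }
    return @($hits)
}

function Invoke-PlatformCertReview {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PlatformCertificate,
        [Parameter(Mandatory)] [string] $Ica,
        [string] $Serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    )
    $ErrorActionPreference = 'Stop'   # abort the review if any step raises an error

    # Refuse to continue when the name match is missing or ambiguous.
    $found = @(Find-PlatformCertCandidate -Path $PlatformCertificate -Serial $Serial)
    if ($found.Count -ne 1) {
        throw ("Expected exactly one HPInc.{0}.BASE.cer under '{1}', found {2}." -f
               $Serial, $PlatformCertificate, $found.Count)
    }

    # Record a hash of the input artefact (a single file or the zip) for the audit trail.
    $item   = Get-Item -LiteralPath $PlatformCertificate
    $sha256 = if (-not $item.PSIsContainer) {
        (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }

    # 1. Trust chain and revocation first (offline ICA, online revocation checks).
    $chain = Invoke-HPCertificateChainValidation -PlatformCertificate $PlatformCertificate `
                 -Ica $Ica -ValidateRevocation

    # 2. Component comparison without saving the certificate locally on the PC.
    $integrity = Invoke-HPPlatformIntegrityCheck -PlatformCertificate $PlatformCertificate `
                     -NoInstallPlatformCertificate

    # Cmdlet results are stored as returned and not interpreted here.
    [pscustomobject]@{
        Serial          = $Serial
        Input           = $item.FullName
        InputSha256     = $sha256
        MatchedEntry    = $found[0]
        ChainValidation = $chain
        IntegrityCheck  = $integrity
    }
}

# Usage, with the sample paths from the help examples:
# Invoke-PlatformCertReview -PlatformCertificate 'C:\Users\Tools\Test\Certificates.zip' `
#     -Ica 'C:\Users\Tools\Test\ica-2024.cer' | ConvertTo-Json -Depth 10
```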