Invoke-HPCertificateChainValidation

Summary

Verifies whether a Platform Certificate has been issued by HP, by validating intermediate and root certificates trust chain.

Syntax

Invoke-HPCertificateChainValidation [-UseLocalPlatformCertificate] -Ica <String> -RootCa <String> [<CommonParameters>]

Invoke-HPCertificateChainValidation [-PlatformCertificate <String>] -Ica <String> -RootCa <String> [<CommonParameters>]

Description

This command receives intermediate and root CAs offline paths in parameter and validate the trust chain. Intermediate and root CAs need to be downloaded online and stored offline either locally in the PC or in a shared location.

ICA location can be retrieved from the certificate by using Get-PlatformCertificateData command.

For instance, the following command will retrieve the online location of the ICA for certificate HPInc.00036635D0.BASE.cer:

Invoke-HPCertificateChainValidation-PlatformCertificate 'C:\Tools\Certificate\HPInc.00036635D0.BASE.cer' | Select-Object -ExpandProperty PlatformCertificateGeneralData | Select-Object -ExpandProperty PlatformCertificateExtensions | Select-Object -ExpandProperty PlatformCertificateAuthorityInfoAccess | Select-Object AccessLocation

Parameters

NameArgumentDescription
PlatformCertificate<String>Specifies the path to the platform certificate file that is stored offline either locally in the PC or in a shared location. If the platform certificate belongs to the PC, the tool installs platform certificate in the local PC in both EFI system partition and UEFI variable.
Please follow the following format for the Platform Certificate file: HPInc.<serial_number>.BASE.cer
UseLocalPlatformCertificate<SwitchParameter>If specified, this command uses the Platform Certificate that is stored locally in the PC. The default locations for the certificate are the EFI System Partition /boot/tcg/cert/platform/ or \efi\tcg\cert\platform and UEFI Variable HpPlatformCertificateBase GUID {B44ED025-A047-4312-9E62-A1C3ACC8684D}
Ica<String>Specifies the Intermediate CA of the HP base Platform Certificate
RootCa<String>Specifies the Root CA of the HP base Platform Certificate

Examples

PS C:\> Invoke-HPCertificateChainValidation -UseLocalPlatformCertificate -Ica 'C:\Users\Tools\Test\ica-2024.cer' -RootCa 'C:\Users\Tools\Test\hp_ps1.cer'

PS C:\> Invoke-HPCertificateChainValidation -PlatformCertificate 'C:\Users\Tools\Test\ HPInc.00036635D0.BASE.cer' -Ica 'C:\Users\Tools\Test\ica-2024.cer' -RootCa 'C:\Users\Tools\Test\hp_ps1.cer'