Dasharo · matmacieje · Oct 31, 2025 · Nov 3, 2025 · Nov 4, 2025 · Nov 5, 2025
diff --git a/dasharo-security/tpm-support.robot b/dasharo-security/tpm-support.robot
@@ -313,6 +313,51 @@ TPM013.301 TPM PPI Prompt (Windows)
     ${new_key}=    TPM2 Get Owner Key Windows
     Should Not Be Equal As Strings    ${new_key}    ${owner_key}
 
+TPM014.101 TPM single bank detection
+    [Documentation]    TBD
+    #Power On
+    Enter The TCG Configuration Menu
+    &{banks_state}=    Check TPM PCR Banks State In FW
+    Reenter Menu
+    &{banks_positions}=    Get TPM PCR Banks Menu Positions In FW    ${banks_state}
+
+    VAR    ${active_banks}=    ${0}
+    VAR    ${bank_to_set}=    ${EMPTY}
+    FOR    ${state_name}    IN    @{banks_state}
+        IF    '$bank_to_set == $EMPTY'
+            IF    ${banks_state["${state_name}"]} == ${FALSE}
+                VAR    ${bank_to_set}=    ${state_name}
+            END
+        END
+        IF    ${banks_state["${state_name}"]} == ${TRUE}
+            VAR    ${active_banks}=    ${active_banks+1}
+            VAR    ${active_bank}=    ${state_name}
+        END
+    END
+    Should Be Equal As Integers    ${active_banks}    1    More than one PCR bank active at the beginning
+    Toggle TPM PCR Bank In FW    ${banks_positions}    ${bank_to_set}
+    Save Changes And Reset
+
+    IF    ${TPM_MULTIPLE_BANK_SUPPORT} == ${FALSE}
+        Log To Console    TPM_MULTIPLE_BANK_SUPPORT False
+        # New pop-up
+    END
+    Read From Terminal Until
+    ...    Press F12 to change the boot measurements to use PCR bank(s) of the TPM
+    Press Key N Times    1    ${F12}
+
+    Enter The TCG Configuration Menu
+    ${banks_state_after}=    Check TPM PCR Banks State In FW
+    &{expected_state}=    Copy Dictionary    ${banks_state}
+    IF    ${TPM_MULTIPLE_BANK_SUPPORT} == ${FALSE}
+        Set To Dictionary    ${expected_state}    ${active_bank}=${FALSE}
+        Set To Dictionary    ${expected_state}    ${bank_to_set}=${TRUE}
+    ELSE
+        Set To Dictionary    ${expected_state}    ${active_bank}=${TRUE}
+        Set To Dictionary    ${expected_state}    ${bank_to_set}=${TRUE}
+    END
+    Dictionaries Should Be Equal    ${expected_state}    ${banks_state_after}    PCR Bank state not as expected.
+
 TPM001.205 TPM Support (XCP-NG)
     [Documentation]    Check whether the TPM is initialized correctly and the
     ...    PCRs can be accessed from the XCP-NG OS.

diff --git a/lib/bios/menus.robot b/lib/bios/menus.robot
@@ -163,8 +163,8 @@ Search For Option Not Visible After Entering Menu
         Remove Values From List    ${construction}    Devices List
         ${key_down_qtty}=
         ...    Get Index Of Matching Option In Menu    ${construction}    ${option}
-        Should Not Be Equal As Integers    ${key_down_qtty}    -1
-        ...    msg=Option '${option}' not found in menu
+        #Should Not Be Equal As Integers    ${key_down_qtty}    -1
+        #...    msg=Option '${option}' not found in menu
         RETURN    ${key_down_qtty}
     END
     Fail    msg=Option '${option}' not found in menu.

diff --git a/lib/tpm.robot b/lib/tpm.robot
@@ -120,3 +120,61 @@ Enter The TCG Configuration Menu
         ...    ${device_manager_menu}
         ...    TCG Configuration
     END
+
+Check TPM PCR Banks State In FW
+    Read From Terminal
+    Press Key N Times    1    ${ARROW_UP}
+    VAR    ${checkpoint}=    F9=Reset to Defaults
+    ${tpm2_operation_menu}=    Read From Terminal Until    ${checkpoint}
+    ${TGC2_menu_protocol_part}=    Parse Menu Snapshot Into Construction    ${tpm2_operation_menu}    6    1
+    ${sha_banks}=    Get Matches    ${TGC2_menu_protocol_part}    PCR Bank: SHA*
+    &{sha_state}=    Create Dictionary
+    FOR  ${item}  IN  @{sha_banks}
+        IF    'PCR Bank: SHA1 [' in '${item}'
+            IF    '[X]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA1=${TRUE}
+            ELSE IF    '[ ]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA1=${FALSE}
+            END
+        ELSE IF    'PCR Bank: SHA256 [' in '${item}'
+            IF    '[X]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA256=${TRUE}
+            ELSE IF    '[ ]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA256=${FALSE}
+            END
+        ELSE IF    'PCR Bank: SHA384 [' in '${item}'
+            IF    '[X]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA384=${TRUE}
+            ELSE IF    '[ ]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA384=${FALSE}
+            END
+        ELSE IF    'PCR Bank: SHA512 [' in '${item}'
+            IF    '[X]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA512=${TRUE}
+            ELSE IF    '[ ]' in '${item}'
+                Set To Dictionary    ${sha_state}    SHA512=${FALSE}
+            END
+         ELSE IF    'PCR Bank: SM3_256 [' in '${item}'    # highly experimental
+            IF    '[X]' in '${item}'
+                Set To Dictionary    ${sha_state}    SM3_256=${TRUE}
+            ELSE IF    '[ ]' in '${item}'
+                Set To Dictionary    ${sha_state}    SM3_256=${FALSE}
+            END
+        END
+    END
+    RETURN    ${sha_state}
+
+Get TPM PCR Banks Menu Positions In FW
+    [Arguments]    ${pcr_banks}
+    &{sha_positions}=    Create Dictionary
+    FOR    ${bank_name}    IN    @{pcr_banks}
+        ${real_bank_name}=    Catenate    PCR Bank:    ${bank_name}
+        ${position}=    Search For Option Not Visible After Entering Menu    ${real_bank_name}
+        Set To Dictionary    ${sha_positions}    ${bank_name}=${position}
+    END
+    RETURN    ${sha_positions}
+
+Toggle TPM PCR Bank In FW
+    [Arguments]    ${bank_positions}    ${bank_name}
+    Press Key N Times And Enter    ${bank_positions["${bank_name}"]}+1    ${ARROW_DOWN}
+    RETURN    ${bank_name}
diff --git a/platform-configs/include/default.robot b/platform-configs/include/default.robot
@@ -203,6 +203,7 @@ ${POWERSHELL_STR_HDMI_OUT}=                         Audio Driver for Display Aud
 # Test module: dasharo-security
 ${TPM_SUPPORTED_VERSION}=                           ${NONE}
 ${TPM_EXPECTED_CHIP}=                               FILL_WITH_CORRECT_VALUE_BEFORE_TESTING
+${TPM_MULTIPLE_BANK_SUPPORT}=                       ${TRUE}
 ${VERIFIED_BOOT_SUPPORT}=                           ${FALSE}
 ${VERIFIED_BOOT_POPUP_SUPPORT}=                     ${FALSE}
 ${MEASURED_BOOT_SUPPORT}=                           ${FALSE}

diff --git a/platform-configs/include/protectli-v1x10.robot b/platform-configs/include/protectli-v1x10.robot
@@ -41,7 +41,7 @@ ${TPM_DETECT_SUPPORT}=                          ${TRUE}
 ${DEVICE_NVME_DISK}=                            Non-Volatile memory controller
 ${HIBERNATION_AND_RESUME_SUPPORT}=              ${TRUE}
 ${HIBERNATION_ITERATIONS_NUMBER}=               5
-
+${TPM_MULTIPLE_BANK_SUPPORT}=                   ${FALSE}
 
 *** Keywords ***
 Flash Device Via External Programmer