There are 24 PCRs in the TPM 1.2 specification. Some of these PCRs are reserved and cannot be extended by user code. Below are the PCR indexes with their usage:

0 - CRTM, BIOS and Platform Extensions
1 - Platform Configuration
2 - Option ROM Code
3 - Option ROM Configuration and Data
4 - IPL Code (MBR Information and Bootloader Stage 1)
5 - IPL Code and Configuration Data (for use by IPL Code)
6 - State Transition and Wake Events
7 - Reserved for future usage. Do not use.
8 - Bootloader Stage 2 Part 1
9 - Bootloader Stage 2 Part 2
10 - Not in Use.
11 - Not in Use.
12 - Bootloader Command line Arguments
13 - Files checked via check-file routine
14 - Files which are actually loaded (e.g. Linux kernel, initrd, modules..)
15 - Not in Use.
16 - Not in Use.
17 - DRTM
18 to 23 - Not in Use.

What I understood is that a user can extend all the PCRs which are not in use. Is this correct? I asked this question because I have written my own code to extend PCRs (by following https://www.cylab.cmu.edu/tiw/slides/challener-handout.pdf) and it turns out that I can extend all the PCRs except PCR 17 to PCR 22. And my understanding was that I can only extend a few and especially cannot play with the lower ones from PCR 0 to PCR 7.

Your help is highly appreciated! I can send the code as well if required!

northox
Geek

2 Answers

Short story

You can extend all of them, but it depends on the context. To understand what I mean by context, we need to talk about the concept of Localities. Briefly, you can see these as some form of trust domains. By default, you're in Locality 0.

I don't see why you would need to do this, but to extend all PCRs you need to be in Locality 2. In other words, you need to load a trusted OS/MLE (an OS you wish to trust) using DRTM.

Long story

SRTM, i.e. PCRs 0-15, cannot be reset (except at boot) but can always be extended (Locality 0 is required, which, as I said earlier, is the default locality).

For DRTM, i.e. PCRs 17-22, it's a bit more complex. I'll describe it a little, but the real matrix you should see is right here, section 7.2.

  • Locality 4 is controlled by hardware/microcode, so you can really see it as the root of DRTM/TXT. It's used to reset PCRs 17-20 and send the measurement of the SINIT ACM (Authenticated Code Module) into PCR 17. You don't get to run code in Locality 4, only TXT instructions do, but you get to launch this process using the SENTER instruction.
  • Locality 3 refers to the SINIT ACM, which is responsible for validating some security settings relating to DRTM (ACPI/DMAR tables, e.g. for DMA protection) and sending the measurement of the Measured Launch Environment (MLE) into PCR 18. Again, you don't get access to this locality, only SINIT does (Intel's code).
  • Locality 2 is for the runtime of the MLE. It can reset 20-22 and extend all PCRs. Here's where you get to run your code (whatever you decided to be your trusted OS).
  • Locality 1 is general purpose for the MLE.

As you can see, the different Locality levels are used by DRTM to create some sort of staged trust levels.

northox

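As an added illustration (not part of either answer), here is a small Python model of the locality rules the answer describes, together with a toy TPM 1.2 PCR bank that performs the TPM_Extend chaining. The access table is a simplification reconstructed from the answer and from the questioner's observation that Locality 0 could extend everything except PCRs 17-22; it is not a transcription of the spec's section 7.2 matrix, and Locality 1 is deliberately left unmodelled.

```python
import hashlib

# Simplified locality model (assumption: reconstructed from the answer and the
# question above, not the full PC Client spec matrix). Localities not listed
# are not modelled and raise ValueError.
NUM_PCRS = 24
EXTEND_ALLOWED = {
    0: set(range(0, 17)) | {23},   # questioner: everything but 17-22 works at Locality 0
    2: set(range(NUM_PCRS)),       # MLE runtime: may extend all PCRs
    3: {18},                       # SINIT ACM measures the MLE into PCR 18
    4: {17},                       # hardware/microcode measures SINIT into PCR 17
}
RESET_ALLOWED = {
    4: set(range(17, 21)),         # hardware resets 17-20 when SENTER runs
    2: set(range(20, 23)),         # MLE may reset 20-22
}

def can_extend(locality, index):
    if locality not in EXTEND_ALLOWED:
        raise ValueError("locality %d not modelled here" % locality)
    return index in EXTEND_ALLOWED[locality]

def can_reset(locality, index):
    return index in RESET_ALLOWED.get(locality, set())

class Tpm12Pcrs:
    """Toy PCR bank: 24 SHA-1 sized registers, all zero at construction (constructed state)."""
    def __init__(self):
        self.pcrs = [b"\x00" * 20 for _ in range(NUM_PCRS)]

    def extend(self, locality, index, data):
        # TPM_Extend semantics: PCR[i] = SHA-1(PCR[i] || SHA-1(data)).
        # The chaining makes the final value depend on the order of extends.
        if not can_extend(locality, index):
            raise PermissionError("PCR %d not extendable from locality %d" % (index, locality))
        digest = hashlib.sha1(data).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def reset(self, locality, index):
        if not can_reset(locality, index):
            raise PermissionError("PCR %d not resettable from locality %d" % (index, locality))
        self.pcrs[index] = b"\x00" * 20

def blocked_at(locality):
    """Repeat the questioner's experiment: which PCRs refuse an extend from this locality."""
    tpm, blocked = Tpm12Pcrs(), []
    for i in range(NUM_PCRS):
        try:
            tpm.extend(locality, i, b"constructed measurement")
        except PermissionError:
            blocked.append(i)
    return blocked
```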

It depends on the locality in which we are... there are 6 localities. I was in Locality 0.

Geek