2

I am trying to learn more about trusted boot / trusted platform modules and I understand about Platform Configuration Register (PCR) values being a measurement of a 'good' configuration signed by a key locked from access within the TPM chip.

What I don't understand is how these initial 'good' states are set within the PCR values. Is it a case of a signing authority allows the bios vendor or bootloader / kernel maintainer to sign off a release and its 'good' measurements or is it something recorded during first boot of a machine?

Also how are these PCRs populated and recognised as 'good' if someone upgrades kernel, is it again a signing authority, or does the PCRs need to be reset and good configurations set again?

Apologies if there are holes in my understandings here, trying to get a grip on a fairly complex topic.

kelalaka
  • 5,409
  • 4
  • 24
  • 47
decodebytes
  • 131
  • 4

1 Answers1

2

What you asked is the PCR values from so-called "golden measurement" or "baseline measurement", which can be conducted by the platform manufacturer such as DELL or platform administrator like your department IT. Those values are saved and used for verification by TPM. This is part of the "provisioning process".

Please check the book "TCG TPM v2.0 Provisioning Guidance" for section 10 and section 11.

When you update your system, the PCR values will change. That means your updating package should be able to automatically bring your PCR the new values in the package or the platform administrator has to carry out another golden measurement. In some cases, you may have to temporarily disable some features that depend on the PCR values before updating your system - otherwise, the system may stop working when seeing a different measurement.

For example, here is a list of BIOS revision history who has the PCR0 values given for every update, because PCR0 has the measurement value of BIOS.

Xiao-Feng Li
  • 121
  • 4