Which TPM PCRs does Windows seal into the BitLocker password?

1

For example, does it seal PCR1 into the password? What about PCRs 2 and 3?

iAdjunct

Posted 2019-03-27T18:22:33.380

Reputation: 1 570

Answers

1

Which PCRs are sealed into the key (meaning used for encryption) depends on the key itself.

For BitLocker, Windows decides which PCRs are to be used according to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI.

The default PCRs used by BitLocker in the BIOS are 0, 2, 4, 8, 9, 10, 11:

  • PCR0: Dynamic Root of Trust, BIOS Code, Platform Extensions
  • PCR2: ROM Code
  • PCR4: MBR Code
  • PCR8: NTFS Boot Sector
  • PCR9: NTFS Boot Block
  • PCR10: NTFS Boot Manager
  • PCR11: BitLocker’s Volume Master Key (VMK) and its critical components

For more information see:

harrymc

Posted 2019-03-27T18:22:33.380

Reputation: 306 093
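The answer names the policy key and the default profile, but the authoritative check is to ask the TPM key protector itself which PCRs it is bound to. The following PowerShell is an added example, not code from the original post; it assumes a Windows host with BitLocker enabled, an elevated session, and the documented Win32_EncryptableVolume WMI class.

```powershell
# Added example (not from the original post): list the PCR validation profile
# actually bound by each TPM-based BitLocker key protector, then show whether
# the policy key named in the answer overrides BitLocker's built-in default.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

# Key protector types whose VMK is sealed to the TPM (Win32_EncryptableVolume):
# 1 = TPM, 4 = TPM+PIN, 5 = TPM+StartupKey, 6 = TPM+PIN+StartupKey
$tpmTypes = @{ 1 = 'TPM'; 4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey' }

$volumes = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                           -ClassName 'Win32_EncryptableVolume'

foreach ($vol in $volumes) {
    foreach ($type in $tpmTypes.Keys) {
        # Enumerate protector IDs of this TPM-based type on the volume
        $r = Invoke-CimMethod -InputObject $vol -MethodName 'GetKeyProtectors' `
                              -Arguments @{ KeyProtectorType = [uint32]$type }
        if ($r.ReturnValue -ne 0 -or -not $r.VolumeKeyProtectorID) { continue }
        foreach ($id in $r.VolumeKeyProtectorID) {
            # Ask the protector which PCRs its sealed key depends on
            $p = Invoke-CimMethod -InputObject $vol `
                                  -MethodName 'GetKeyProtectorPlatformValidationProfile' `
                                  -Arguments @{ VolumeKeyProtectorID = $id }
            if ($p.ReturnValue -ne 0) { continue }
            [pscustomobject]@{
                Drive     = $vol.DriveLetter
                Protector = $tpmTypes[$type]
                PCRs      = ($p.PlatformValidationProfile | Sort-Object) -join ','
            }
        }
    }
}

# Policy check: when the key is absent, BitLocker falls back to its built-in profile.
if (Test-Path $policyKey) {
    Write-Host "Policy override present at ${policyKey}:"
    Get-ItemProperty -Path $policyKey | Format-List
} else {
    Write-Host "No policy override at ${policyKey}; built-in defaults apply."
}
```

If the reported PCR list differs from the policy value, the protector was created before the policy was applied; BitLocker only rebinds the profile when the TPM protector is removed and re-added.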