TPM PCR usage on TXT

From Open Source VMM wiki

High Level Description

  • PCR 17: Extended by SENTER with the measurement of SINIT; by SINIT with the measurements of the BIOS ACM, STM and LCP policy; and by tboot with the measurement of the tboot policy.
  • PCR 18: Extended by SINIT with the measurement of tboot, and by tboot with the measurement of Xen or the Linux kernel (the first module in grub.conf).
  • PCR 19: By default, extended by tboot with the measurements of all modules other than the first module, such as Xen's dom0 kernel and initrd.

MLE DG Description

PCR 17 :
   switch(SinitMleData.Version)
       case 6:
           Extend(SHA-1(SinitMleData.SinitHash|SinitMleData.EdxSenterFlags))
           Extend(SHA-1(SinitMleData.BiosAcm.ID|SinitMleData.MsegValid|SinitMleData.StmHash|
                        SinitMleData.PolicyControl|SinitMleData.LcpPolicyHash|
                        (OsSinitData.Capabilities,0)))
       case 7:
           SHA-1(SinitMleData.SinitHash|
                 SHA-1(SinitMleData.BiosAcm.ID|SinitMleData.MsegValid|SinitMleData.StmHash|
                       SinitMleData.PolicyControl|SinitMleData.LcpPolicyHash|
                       (OsSinitData.Capabilities,0)))
       case 8:
           SHA-1(SinitMleData.SinitHash|
                 SHA-1(SinitMleData.BiosAcm.ID|SinitMleData.MsegValid|SinitMleData.StmHash|
                       SinitMleData.PolicyControl|SinitMleData.LcpPolicyHash|
                       (OsSinitData.Capabilities,0) | SinitMleData.ProcessorSCRTMStatus))
PCR 18 :
   Extend(SinitMleData.MleHash) (= SHA-1(20byte-0s | SinitMleData.MleHash))

Notes:

(OsSinitData.Capabilities,0) means:

  • if SinitMleData.PolicyControl.bit2 is 1, use the value of OsSinitData.Capabilities
  • if SinitMleData.PolicyControl.bit2 is 0, use 4 bytes of 0s.

Tboot README Description

PCR 17 :
  It will be extended with the following values (in this order):
      -  The values as documented in the MLE Developers Manual
      -  SHA-1 hash of:  tboot policy control value (4 bytes) |
                         SHA-1 hash of tboot policy (20 bytes)
         : where the hash of the tboot policy will be 0s if
           TB_POLCTL_EXTEND_PCR17 is clear
PCR 18 :
  It will be extended with the following values (in this order):
      -  SHA-1 hash of tboot (as calculated by lcp_mlehash)
      -  SHA-1 hash of first module in grub.conf (e.g. Xen or Linux kernel)
PCR * : tboot policy may specify modules' measurements to be extended into
       PCRs specified in the policy
  The default tboot policy will extend, in order, the SHA-1 hashes of all
  modules (other than 0) into PCR 19.
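
The extend sequences from the MLE DG and Tboot README descriptions above, as an added example (not code from the wiki or from tboot). It covers only the SinitMleData.Version 6 case for PCR 17. Assumptions: the all-zero starting value for PCR 17 and PCR 19, little-endian 4-byte packing of PolicyControl, Capabilities and the tboot policy control value, the `extend_pcr17` flag standing in for TB_POLCTL_EXTEND_PCR17, and the constructed sample inputs.

```python
import hashlib
import struct

ZERO20 = bytes(20)  # assumption: PCRs 17-19 hold 20 zero bytes when measurement starts

def sha1(*parts: bytes) -> bytes:
    return hashlib.sha1(b"".join(parts)).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR | digest)."""
    if len(pcr) != 20 or len(digest) != 20:
        raise ValueError("PCR value and digest must both be 20 bytes")
    return sha1(pcr, digest)

def caps_or_zero(policy_control: int, capabilities: int) -> bytes:
    """(OsSinitData.Capabilities,0): the real value only if PolicyControl bit 2 is 1."""
    return struct.pack("<I", capabilities if policy_control & 0x4 else 0)

def pcr17_v6(d: dict, tb_polctl: int, tb_policy_hash: bytes, extend_pcr17: bool) -> bytes:
    """SinitMleData.Version 6 extends, then the tboot policy extend from the README."""
    pcr = extend(ZERO20, sha1(d["SinitHash"], d["EdxSenterFlags"]))
    pcr = extend(pcr, sha1(d["BiosAcm.ID"], d["MsegValid"], d["StmHash"],
                           struct.pack("<I", d["PolicyControl"]), d["LcpPolicyHash"],
                           caps_or_zero(d["PolicyControl"], d["Capabilities"])))
    # The policy hash is replaced by zeros when TB_POLCTL_EXTEND_PCR17 is clear.
    policy = tb_policy_hash if extend_pcr17 else ZERO20
    return extend(pcr, sha1(struct.pack("<I", tb_polctl), policy))

def pcr18(mle_hash: bytes, first_module_hash: bytes) -> bytes:
    """tboot hash (SinitMleData.MleHash), then the hash of the first module."""
    return extend(extend(ZERO20, mle_hash), first_module_hash)

def pcr19(other_module_hashes: list) -> bytes:
    """Default tboot policy: hashes of all modules other than 0, in order."""
    pcr = ZERO20
    for digest in other_module_hashes:  # order matters: extend is not commutative
        pcr = extend(pcr, digest)
    return pcr

# Constructed sample values, not taken from a real platform or tboot log.
SAMPLE = {"SinitHash": sha1(b"sinit"), "EdxSenterFlags": bytes(4),
          "BiosAcm.ID": bytes(20), "MsegValid": bytes(8), "StmHash": bytes(20),
          "PolicyControl": 0x4, "LcpPolicyHash": sha1(b"lcp"), "Capabilities": 0x3}

if __name__ == "__main__":
    print("PCR17", pcr17_v6(SAMPLE, 0x1, sha1(b"tboot policy"), True).hex())
    print("PCR18", pcr18(sha1(b"tboot"), sha1(b"xen")).hex())
    print("PCR19", pcr19([sha1(b"dom0 kernel"), sha1(b"initrd")]).hex())
```

Comparing the recomputed values against the PCRs read from the TPM shows which measured component changed: a mismatch only in PCR 19, for example, points at a module other than the first.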

Guidance for recalculating PCR values based on the tboot log
