PCRs are controlled via locality 0 - 4; locality 0 is legacy, behaves
exactly like TPM 1.1b, falls under the static root of trust measurement
and covers PCR 0-15.  PCRs 17-22 are locality and trusted OS
controlled.  So if you were not able to extend any of these you are running
in locality 0, which is the static RTM.  Generally the higher PCRs are for
dynamic roots of trust, for which the CPU itself needs to support additional
instructions for some of these localities, for example Intel's Trusted
Execution Technology.

 

Ceri

 

From: hassan khan [mailto:[email protected]] 
Sent: 31 October 2013 18:03
To: [email protected]
Subject: [TrouSerS-tech] General Query!

 

There are 24 PCRs in the TPM 1.2 specification. Some of these PCRs are
reserved and cannot be extended by the user's code. Below are the PCR indexes
with their usage:

1.    CRTM, BIOS and Platform Extensions

2.    Platform Configuration

3.    Option ROM Code

4.    Option ROM Configuration and Data

5.    IPL Code (MBR Information and Bootloader Stage 1)

6.    IPL Code and Configuration Data (for use by IPL Code)

7.    State Transition and Wake Events

8.    Reserved for future usage. Do not use.

9.    Bootloader Stage 2 Part 1

10.  Bootloader Stage 2 Part 2

11.  Not in Use.

12.  Not in Use.

13.  Bootloader Command line Arguments

14.  Files checked via check-file routine

15.  Files which are actually loaded (e.g. Linux kernel, initrd, modules..)

16.  Not in Use.

17.  Not in Use.

18.  DRTM 

18-23. Not in Use.

What I understood is that a user can extend all the PCRs which are not in use?
Is this correct? I asked this question because I have written my own code to
extend PCRs (by following
https://www.cylab.cmu.edu/tiw/slides/challener-handout.pdf) and it turns
out that I can extend all the PCRs except PCR 17 to PCR 22. And my
understanding was that I can only extend a few and especially cannot play with
the lower ones from PCR 0 to PCR 7.

Your help is highly appreciated! I can send the code as well if required!
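
The locality gating described in the reply at the top of this thread, as an added example that is not code from either poster or from TrouSerS: a software-only model of TPM 1.2 PCR extend that probes which PCRs each locality can extend. The names `ModelTpm`, `LocalityError` and `EXTEND_LOCALITIES` are hypothetical, and the per-PCR locality sets and the 0xFF start value for PCR 17-22 are assumptions taken from the TCG PC Client TPM 1.2 PCR attribute table, not from this thread.

```python
import hashlib

ALL = frozenset({0, 1, 2, 3, 4})
# PCR index -> localities allowed to extend it (assumed table, see lead-in).
EXTEND_LOCALITIES = {i: ALL for i in range(17)}   # 0-15 static RTM, 16 debug
EXTEND_LOCALITIES.update({
    17: frozenset({2, 3, 4}), 18: frozenset({2, 3, 4}),
    19: frozenset({2, 3}), 20: frozenset({1, 2, 3}),
    21: frozenset({2}), 22: frozenset({2}),
    23: ALL,                                       # application specific
})


class LocalityError(PermissionError):
    """Raised when the caller's locality may not extend the PCR."""


class ModelTpm:
    """Software model of TPM 1.2 PCR extend; no hardware is touched."""

    def __init__(self):
        # Assumption: PCRs 17-22 read as all 0xFF until a dynamic launch.
        self.pcrs = [b"\xff" * 20 if 17 <= i <= 22 else b"\x00" * 20
                     for i in range(24)]

    def extend(self, index, digest, locality=0):
        if len(digest) != 20:
            raise ValueError("TPM 1.2 extends with a 20-byte SHA-1 digest")
        if locality not in EXTEND_LOCALITIES[index]:
            raise LocalityError(f"PCR {index} not extendable at locality {locality}")
        # New PCR value = SHA-1(old PCR value || measurement digest).
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def extendable_from(self, locality):
        """Try to extend every PCR once and return the indexes that succeed."""
        probe = hashlib.sha1(b"constructed sample measurement").digest()
        ok = []
        for i in range(24):
            try:
                self.extend(i, probe, locality)
                ok.append(i)
            except LocalityError:
                pass
        return ok


if __name__ == "__main__":
    print("locality 0:", ModelTpm().extendable_from(0))
    print("locality 2:", ModelTpm().extendable_from(2))
```

At locality 0 the model refuses exactly PCR 17 to PCR 22, which matches what the original poster observed from ordinary user code.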

 

 

