Re: [TrouSerS-users] Re : About resetting TPM PCRs on reboot;

Tadd Seiff Fri, 03 Mar 2017 06:29:57 -0800

Hi Pritha,

I think you should just not use PCR 0-15.


It seems that there is some other TPM aware Fw on your system which is
likely using these lower PCRs during boot. For example on PC these low PCRs
are used during Secure Boot and Linux uses I think PCR 10 for its kernel
measurement.

So this is not a cause for alarm and maybe expected, depending on the
platform.

Hope this helps.

-Tadd




On Thu, Mar 2, 2017, 20:53 Pritha Ganguly <[email protected]>
wrote:

> Hello,
>
> I am working on the ATMEL TPM(1.2) device on an embedded platform. While
> experimenting with the extend operation of the PCR, I extended the PCR 0
> with a string of 20 bytes. As mentioned in the TPM specification, the PCRs
> 0-15 are resettable on reboot. On reboot, PCR 0 was not reset and the PCRs
> 1-15 also got modified. Here's the flow of operation which I performed and
> the corresponding output.
>
> # cat /sys/class/misc/tpm0/device/pcrs
>
> PCR-00: FD 89 A2 DE 1A 91 D7 A2 2B D1 78 7A A7 C2 77 9D E0 99 F7 C0
> PCR-01: 49 20 44 4B 1E AF B2 AA 4A C1 2B D1 44 2B 82 1F 52 EC E7 4B
> PCR-02: 38 53 A8 EF 61 83 59 ED 7F 7F 2E CC 7B C8 D2 F3 87 EB 7C 55
> PCR-03: 2C 2F B4 2A 15 36 B2 28 C6 01 40 D8 64 D7 30 7F AA 6D 91 54
> PCR-04: 2E CF 07 F9 C7 30 B4 4C EE 19 7B 0D 36 4E EE 6C F1 36 57 F6
> PCR-05: 38 70 21 67 DB 54 96 54 A1 4F 45 5F 6A 32 42 EF EC 51 21 F5
> PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
> PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
> PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
> PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
> PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
> PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
> PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
> PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
> PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
> PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
> PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> # ./tpm_extendpcr -i pcr.txt -p 0
> # cat /sys/class/misc/tpm0/device/pcrs
>
> PCR-00: 9A D9 2D 86 9D 81 BD 58 08 7C F7 8E C6 31 CB BF 0C 9D 0D 28
> PCR-01: 49 20 44 4B 1E AF B2 AA 4A C1 2B D1 44 2B 82 1F 52 EC E7 4B
> PCR-02: 38 53 A8 EF 61 83 59 ED 7F 7F 2E CC 7B C8 D2 F3 87 EB 7C 55
> PCR-03: 2C 2F B4 2A 15 36 B2 28 C6 01 40 D8 64 D7 30 7F AA 6D 91 54
> PCR-04: 2E CF 07 F9 C7 30 B4 4C EE 19 7B 0D 36 4E EE 6C F1 36 57 F6
> PCR-05: 38 70 21 67 DB 54 96 54 A1 4F 45 5F 6A 32 42 EF EC 51 21 F5
> PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
> PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
> PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
> PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
> PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
> PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
> PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
> PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
> PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
> PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
> PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> # reboot
> # cat /sys/class/misc/tpm0/device/pcrs
>
> PCR-00: 9A D9 2D 86 9D 81 BD 58 08 7C F7 8E C6 31 CB BF 0C 9D 0D 28
> PCR-01: 2E 0D 03 0E 76 63 BE 09 DC 86 E8 1F 54 C2 3E 7C C7 C6 AD 9D
> PCR-02: 4A A6 1A 10 8B 42 18 05 C9 61 E7 CD 1C BD 6A E9 02 F3 CC E0
> PCR-03: 3A E2 33 E3 2D 76 3C A6 0D 40 BB 50 AC 28 20 CC A4 57 63 43
> PCR-04: 60 19 D2 55 90 F7 D4 69 01 F2 18 1A AD 54 5A 77 11 CE 28 9E
> PCR-05: 03 24 C9 EE A6 AE 65 65 51 1A 5B F2 68 2B C0 0F 56 48 80 31
> PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
> PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
> PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
> PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
> PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
> PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
> PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
> PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
> PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
> PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
> PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
> PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
> How do I reset the PCR0? I'm not able to understand why the values of PCRs
> 1-15 also got modified.
> I also tried extending on the PCR16 and it also didn't get reset on reboot.
>
> Thanks and Regards,
> Pritha Ganguly.
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
TrouSerS-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/trousers-users

Re: [TrouSerS-users] Re : About resetting TPM PCRs on reboot;

Reply via email to