TPM PCR usage on TXT



From Open Source VMM wiki


Contents

  • 1 High Level Description
  • 2 MLE DG Description
  • 3 Tboot README Description
  • 4 Guidance for recalculating PCR values based on the tboot log

High Level Description

  • PCR 17: Extended by GETSEC[SENTER] with the measurement of SINIT; by SINIT with the measurements of the BIOS ACM, the STM and the LCP policy; and by tboot with the measurement of the tboot policy.
  • PCR 18: Extended by SINIT with the measurement of tboot (the MLE); by tboot with the measurement of Xen or the Linux kernel (the first module in grub.conf).
  • PCR 19: By default, extended by tboot with the measurements of all remaining modules (every module after the first), such as Xen's dom0 kernel and the initrd.

MLE DG Description

PCR 17:
    switch (SinitMleData.Version)
    case 6:
        Extend(SHA-1(SinitMleData.SinitHash | SinitMleData.EdxSenterFlags))
        Extend(SHA-1(SinitMleData.BiosAcm.ID | SinitMleData.MsegValid | SinitMleData.StmHash |
                     SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash |
                     (OsSinitData.Capabilities, 0)))
    case 7:
        Extend(SHA-1(SinitMleData.SinitHash |
                     SHA-1(SinitMleData.BiosAcm.ID | SinitMleData.MsegValid | SinitMleData.StmHash |
                           SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash |
                           (OsSinitData.Capabilities, 0))))
    case 8:
        Extend(SHA-1(SinitMleData.SinitHash |
                     SHA-1(SinitMleData.BiosAcm.ID | SinitMleData.MsegValid | SinitMleData.StmHash |
                           SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash |
                           (OsSinitData.Capabilities, 0) | SinitMleData.ProcessorSCRTMStatus)))

PCR 18:
    Extend(SinitMleData.MleHash)
    (resulting value = SHA-1(20 zero bytes | SinitMleData.MleHash), because SENTER
     resets the dynamic PCRs to zeros before SINIT runs)

Notes:

(OsSinitData.Capabilities, 0) means:

  • if SinitMleData.PolicyControl bit 2 is 1, the value of OsSinitData.Capabilities is hashed;
  • if SinitMleData.PolicyControl bit 2 is 0, four zero bytes are hashed in its place.

Tboot README Description

PCR 17: It will be extended with the following values (in this order):
    - The values as documented in the MLE Developers Manual
    - SHA-1 hash of: tboot policy control value (4 bytes) |
                     SHA-1 hash of tboot policy (20 bytes)
      where the hash of the tboot policy will be 0s if
      TB_POLCTL_EXTEND_PCR17 is clear

PCR 18: It will be extended with the following values (in this order):
    - SHA-1 hash of tboot (as calculated by lcp_mlehash)
    - SHA-1 hash of first module in grub.conf (e.g. Xen or Linux kernel)

PCR *:  tboot policy may specify modules' measurements to be extended into
        PCRs specified in the policy

The default tboot policy will extend, in order, the SHA-1 hashes of all
modules (other than 0) into PCR 19.
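The two descriptions above (the MLE DG switch on SinitMleData.Version and the tboot README's extend order) can be replayed offline to predict what PCRs 17, 18 and 19 should contain after a TXT launch, which is the check a verifier or a sealing policy needs. The following Python is an added example, not code from the wiki, from Intel's MLE DG or from the tboot project. It assumes TPM 1.2 SHA-1 PCRs (extend = SHA-1(old || new)), that the dynamic PCRs start at 20 zero bytes after SENTER, that the structure fields are little-endian with 64-bit BiosAcm.ID/MsegValid and 32-bit PolicyControl/EdxSenterFlags/ProcessorSCRTMStatus/Capabilities, and that tboot's TB_POLCTL_EXTEND_PCR17 is bit 0 of its policy control word; all sample inputs are constructed, not real measurements.

```python
import hashlib
from dataclasses import dataclass

SHA1_LEN = 20
# GETSEC[SENTER] resets the dynamic PCRs (17-22) to all-zero before SINIT runs,
# so every chain below starts from 20 zero bytes.
PCR_RESET = b"\x00" * SHA1_LEN
# Assumption: tboot's TB_POLCTL_EXTEND_PCR17 is bit 0 of the policy control word.
TB_POLCTL_EXTEND_PCR17 = 0x1


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA-1(old PCR || digest), both 20 bytes."""
    if len(pcr) != SHA1_LEN or len(digest) != SHA1_LEN:
        raise ValueError("extend operands must be 20-byte SHA-1 digests")
    return sha1(pcr + digest)


@dataclass
class SinitMleData:
    """SinitMleData/OsSinitData fields that feed PCR 17 and 18. Field widths and
    little-endian layout are assumptions of this example, not taken from the page."""
    version: int
    sinit_hash: bytes                            # 20 bytes
    mle_hash: bytes                              # 20 bytes
    bios_acm_id: bytes                           # 8 bytes
    mseg_valid: bytes                            # 8 bytes
    stm_hash: bytes                              # 20 bytes
    policy_control: int                          # UINT32; bit 2 selects Capabilities
    lcp_policy_hash: bytes                       # 20 bytes
    os_sinit_capabilities: int                   # UINT32 OsSinitData.Capabilities
    edx_senter_flags: bytes = b"\x00" * 4        # UINT32, version 6 only
    processor_scrtm_status: bytes = b"\x00" * 4  # UINT32, version 8 only


def capabilities_field(d: SinitMleData) -> bytes:
    """(OsSinitData.Capabilities, 0): PolicyControl bit 2 set -> hash the real
    capabilities word; clear -> hash four zero bytes in its place."""
    if d.policy_control & (1 << 2):
        return d.os_sinit_capabilities.to_bytes(4, "little")
    return b"\x00" * 4


def pcr17_after_sinit(d: SinitMleData) -> bytes:
    """PCR 17 after SINIT, following the MLE DG switch on SinitMleData.Version."""
    inner = (d.bios_acm_id + d.mseg_valid + d.stm_hash
             + d.policy_control.to_bytes(4, "little")
             + d.lcp_policy_hash + capabilities_field(d))
    if d.version == 6:   # two separate extends
        pcr = pcr_extend(PCR_RESET, sha1(d.sinit_hash + d.edx_senter_flags))
        return pcr_extend(pcr, sha1(inner))
    if d.version == 7:   # one extend, inner hash nested under SinitHash
        return pcr_extend(PCR_RESET, sha1(d.sinit_hash + sha1(inner)))
    if d.version == 8:   # as 7, plus ProcessorSCRTMStatus inside the inner hash
        return pcr_extend(PCR_RESET,
                          sha1(d.sinit_hash + sha1(inner + d.processor_scrtm_status)))
    raise ValueError(f"unsupported SinitMleData.Version {d.version}")


def pcr18_after_sinit(d: SinitMleData) -> bytes:
    """PCR 18 after SINIT: SHA-1(20 zero bytes || MleHash)."""
    return pcr_extend(PCR_RESET, d.mle_hash)


def tboot_pcr17_digest(tb_policy_control: int, tb_policy_hash: bytes) -> bytes:
    """Digest tboot extends into PCR 17: SHA-1(policy control (4) || policy hash (20)),
    with the policy hash replaced by zeros when TB_POLCTL_EXTEND_PCR17 is clear."""
    if not tb_policy_control & TB_POLCTL_EXTEND_PCR17:
        tb_policy_hash = b"\x00" * SHA1_LEN
    return sha1(tb_policy_control.to_bytes(4, "little") + tb_policy_hash)


def pcr17_after_tboot(d: SinitMleData, tb_policy_control: int, tb_policy_hash: bytes) -> bytes:
    return pcr_extend(pcr17_after_sinit(d), tboot_pcr17_digest(tb_policy_control, tb_policy_hash))


def pcr18_after_tboot(d: SinitMleData, first_module_hash: bytes) -> bytes:
    """tboot extends PCR 18 with the hash of the first grub.conf module (Xen or Linux)."""
    return pcr_extend(pcr18_after_sinit(d), first_module_hash)


def pcr19_default_policy(module_hashes: list) -> bytes:
    """Default tboot policy: extend the remaining modules' hashes into PCR 19, in order."""
    pcr = PCR_RESET
    for h in module_hashes:
        pcr = pcr_extend(pcr, h)
    return pcr


def sample_data(version: int = 7, policy_control: int = 0x4) -> SinitMleData:
    """Constructed inputs for demonstration; not measurements from any real platform."""
    return SinitMleData(version=version, sinit_hash=sha1(b"sinit acm"),
                        mle_hash=sha1(b"tboot mle"), bios_acm_id=b"\x11" * 8,
                        mseg_valid=b"\x00" * 8, stm_hash=b"\x00" * SHA1_LEN,
                        policy_control=policy_control, lcp_policy_hash=sha1(b"lcp"),
                        os_sinit_capabilities=0x3, edx_senter_flags=b"\x01\x00\x00\x00",
                        processor_scrtm_status=b"\x01\x00\x00\x00")


if __name__ == "__main__":
    d = sample_data()
    print("PCR17 after SINIT", pcr17_after_sinit(d).hex())
    print("PCR17 after tboot", pcr17_after_tboot(d, 0x1, sha1(b"tb policy")).hex())
    print("PCR18 after tboot", pcr18_after_tboot(d, sha1(b"xen.gz")).hex())
    print("PCR19 (default)  ", pcr19_default_policy([sha1(b"vmlinuz"), sha1(b"initrd")]).hex())
```

Two details matter when comparing against a live platform: the order of extends is part of the value (swapping two modules changes PCR 19 even though the set of hashes is identical), and PCR 17 cannot be predicted from module hashes alone, since it also depends on the SINIT version-specific structure fields and on whether the tboot policy control enables TB_POLCTL_EXTEND_PCR17.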

Guidance for recalculating PCR values based on the tboot log