Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PCR register value will reset to deafult when power on reset #21

Open
saravanj24 opened this issue Aug 1, 2023 · 1 comment
Open

PCR register value will reset to deafult when power on reset #21

saravanj24 opened this issue Aug 1, 2023 · 1 comment

Comments

@saravanj24
Copy link

Hi
We written the hash value in pcr index by using the PCR extend command. when power on reset the default value is updated automatically.
We are planning to check the measured boot concept using TPM with raspberry pi.
Is possible retrieve the hash we passed to pcr extend command?
could please help on how to verify the measured boot

Thanks,
saravanan
@jordithijsman
Copy link

When you boot to Linux there should be a file under /sys/kernel/security/tpm0/binary_bios_measurements. You can parse this using tpm2-tools like this: sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements, which will give you a log of all entries recorded into the PCRs during boot. If you cross-reference this with a TPM quote you can verify the measured boot.

Keep in mind that a Raspberry Pi does not have a core root of trust for measurement (CRTM) that initializes the measurements so PCR values can never fully be trusted.

It is normal behavior for the PCRs to reset after a reboot, it will only hold the values of the most recent boot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jordithijsman @saravanj24