How to extend the running application into PCR? and Which PCR can be used for it?
1 Answer
I assume you mean a TPM version 1.2 on a PC platform, so the following specification documents are of interest to you:
Now to your questions:
"How to extend the running application into PCR?"
You need some piece of software that identifies "the running application" (= measure) and issues a TPM_Extend command to the TPM. Usually this is done through a TSS, but you can also do that with a self-written program; the TPM_Extend command is not that complex. Identifying means calculating a SHA-1 hash in most cases, but the TPM does not care. The description of the data you provide is:
The 160 bit value representing the event to be recorded.
"Which PCR can be used for it?"
This depends on your actual environment. Access to PCRs is controlled by localities. Here is a table showing which PCR can be extended in which locality:
PCR    Alias (description)      Extendable in localities
-----------------------------------------------------------------
0-15   Static RTM               4,3,2,1,0
16     Debug                    4,3,2,1,0
17     Locality 4               4,3,2
18     Locality 3               4,3,2
19     Locality 2               3,2
20     Locality 1               3,2,1
21     Dynamic OS controlled    2
22     Dynamic OS controlled    2
23     Application Specific     4,3,2,1,0
Which locality you are in depends on your environment. If you are in a Linux userspace, for example, you have locality 0.
If you are designing a trusted architecture you will also have to consider how the PCRs can be reset (in which localities).
The localities are described in TCG PC Client Specific TPM Interface Specification (TIS):
Locality 4: Trusted hardware component. This is used by the D-CRTM to establish the Dynamic RTM.
Locality 3: Auxiliary components. Use of this is optional and, if used, it is implementation dependent.
Locality 2: Dynamically Launched OS (Dynamic OS) “runtime” environment.
Locality 1: An environment for use by the Dynamic OS.
Locality 0: The Static RTM, its chain of trust and its environment.
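As an added example (not part of the answer above), here is a Python model of the measure-then-extend flow for PCR 23, the "Application Specific" PCR that locality 0 may extend. The extend rule new = SHA-1(old || measurement) is the TPM 1.2 behaviour; the all-zero reset state, the PcrBank class, the event log and the replay() verifier are assumptions of this model, not a TPM or TSS API, and the application images are constructed byte strings.

```python
import hashlib

PCR_APPLICATION_SPECIFIC = 23  # "Application Specific", extendable in localities 4,3,2,1,0
DIGEST_LEN = 20                # a TPM 1.2 PCR holds one 160-bit SHA-1 value

def measure(data: bytes) -> bytes:
    """Identify ("measure") an application image: SHA-1 of its bytes."""
    return hashlib.sha1(data).digest()

def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """Software model of what TPM_Extend does to one PCR: new = SHA-1(old || measurement)."""
    if len(pcr_value) != DIGEST_LEN or len(measurement) != DIGEST_LEN:
        raise ValueError("TPM 1.2 extend takes a 160-bit PCR value and a 160-bit event digest")
    return hashlib.sha1(pcr_value + measurement).digest()

class PcrBank:
    """Assumed model: 24 PCRs starting at all-zero plus a host-side event log."""
    def __init__(self) -> None:
        self.pcrs = {i: bytes(DIGEST_LEN) for i in range(24)}
        self.event_log = []  # (pcr index, measurement, description)

    def extend_app(self, pcr: int, image: bytes, desc: str) -> bytes:
        m = measure(image)
        self.pcrs[pcr] = extend(self.pcrs[pcr], m)
        self.event_log.append((pcr, m, desc))
        return self.pcrs[pcr]

def replay(event_log, pcr: int) -> bytes:
    """Verifier side: recompute the PCR from the log alone; a match means log and PCR agree."""
    value = bytes(DIGEST_LEN)
    for idx, m, _ in event_log:
        if idx == pcr:
            value = extend(value, m)
    return value

def demo() -> tuple:
    # Constructed stand-ins for application images (not real binaries).
    loader, app = b"constructed loader image v1", b"constructed application image v1"
    good = PcrBank()
    good.extend_app(PCR_APPLICATION_SPECIFIC, loader, "app loader")
    good.extend_app(PCR_APPLICATION_SPECIFIC, app, "application")
    # Same loader, one byte appended to the application: measurement and PCR differ.
    bad = PcrBank()
    bad.extend_app(PCR_APPLICATION_SPECIFIC, loader, "app loader")
    bad.extend_app(PCR_APPLICATION_SPECIFIC, app + b"\x00", "application")
    expected = replay(good.event_log, PCR_APPLICATION_SPECIFIC)
    return (expected == good.pcrs[PCR_APPLICATION_SPECIFIC],
            bad.pcrs[PCR_APPLICATION_SPECIFIC] != expected)
```

Because each extend folds the previous value into the hash, the final PCR depends on both the measurements and their order, which is why a verifier needs the event log to interpret a quoted PCR.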
- I am unclear on this SHA-1 hash calculation: calculating SHA-1 of all the files of the application or just the binary? – Geek Oct 27 '13 at 13:50
- This depends on your desired system architecture. For a trusted system you would have to measure everything that can affect system behavior. – Scolytus Oct 27 '13 at 13:55
- Can you shed some light on localities, what they are? By some example! – Geek Oct 27 '13 at 15:07
- They are some kind of privilege level. If you want to really understand them you have to read and understand the DRTM concepts of TCG. – Scolytus Oct 27 '13 at 16:55
- In this scenario how can we prove that we are running the application that is measured and not the one that is not measured? In this case we have to measure everything; then a critical question will be how we will prove that we have measured everything and haven't skipped anything. I guess these questions are academic in nature! – Geek Oct 28 '13 at 12:40
- @Geek That's a different question. What exactly do you mean? Is this related to http://stackoverflow.com/questions/19613476/remotely-verifying-the-application-in-execution ? – Scolytus Oct 28 '13 at 13:00
- Yes it is, maybe I should post this under a question of Building Sound Chain of Trust! – Geek Oct 28 '13 at 13:06