how to enable TPM measured boot and see pcr values in windows 10?

Question

How can I enable TPM measured boot in Windows 10?

I want the TPM hashes to be captured in PCR values and I want to be able to see the results. I know how to do it in Linux but I don't know what should I do in Windows.

I found the following guides, but they don't seem to have the information I need:

On the Microsoft website there is a guide: https://learn.microsoft.com/en-us/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps but it's only for very basic tasks and doesn't explain this.
I also saw this: TPM PCR Generation in Windows but it's not what I want.

Any help is appreciated.

why do you give me negative score? why? why? answer rapidly. i want to know why — capstonene, Mar 04 '21 at 17:46
The question is very vague, include how you do it in linux, an example of what you get and maybe then someone will try to answer it. — Roque Sosa, Mar 05 '21 at 00:46
In Windows at least, you'd normally enable TPM in your firmware settings. But the question about how to see the results generated by TPM is very useful, and so is the answer by @MiSimon. — MikeBeaton, Feb 20 '22 at 22:20
capstonene: I think it is a great shame that your question is closed and locked. I found the question and the current answer very useful. Perhaps you could further edit as requested by @RoqueSosa to include what you do in Linux and what results you get from doing that? — MikeBeaton, Feb 21 '22 at 03:43

score 0 · Accepted Answer · edited Feb 21 '22 at 03:44

0

If you want to see all hashes that led to the current PCR values, you can use the WBCL (Windows Boot Configuration Logs) provided by the TPM and Windows (I think starting from Windows 8). These are logs that are generated by the TPM/Firmware and stored under "C:\Windows\Logs\MeasuredBoot". They contain every event that was sent to the TPM and every operation on a PCR register should be one of these events.

I am using the TCGLogTools to parse these logs. The format of the logs is documented here and here if you wanted to write your own parser.

edited Feb 21 '22 at 03:44

MikeBeaton

3,314
4
36
45

answered Mar 04 '21 at 13:55

MiSimon

1,225
1
8
10

what is WBCL? i don't know – capstonene Mar 04 '21 at 15:32
These are logs that are generated by the TPM/Firmware and stored under "C:\Windows\Logs\MeasuredBoot". They contain every event that was sent to the TPM and every operation on a PCR register should be one of these events. – MiSimon Mar 04 '21 at 15:44
C:\Windows\Logs\MeasuredBoot is empty for me – capstonene Mar 04 '21 at 17:02
but my tpm is active – capstonene Mar 04 '21 at 17:02
why is it empty? – capstonene Mar 04 '21 at 17:02
i search more and i find tpmtool. but in my laptop tpmtool doesn't exist – capstonene Mar 04 '21 at 17:03
do you know what should i do? tpmtool for windows doesn't exist in internet to download – capstonene Mar 04 '21 at 17:04
Do you have Secure Boot enabled in your UEFI/Bios? Does Windows known about your TPM (use tpm.msc)? Instead of tpmtool you can use the ibmtpm20tss (https://sourceforge.net/projects/ibmtpm20tss/), it contains Windows cli programs for all available TPM commands. – MiSimon Mar 04 '21 at 18:47
secure boot is not supported in my laptop – capstonene Mar 05 '21 at 16:42
thank you. how can i install it? i can't find out – capstonene Mar 05 '21 at 17:48

how to enable TPM measured boot and see pcr values in windows 10?

1 Answers1