Changes between Version 4 and Version 5 of tpm


Ignore:
Timestamp:
02/07/2024 12:18:45 AM (10 months ago)
Author:
Ryan Erbstoesser
Comment:

add PCR values

Legend:

Unmodified
Added
Removed
Modified

  • tpm

    v4 v5  
    11= Trusted Protection Module
    2 
     2[[PageOutline]]
    33Gateworks has an optional TPM on some SBCs.
    44
     
    6161}}}
    6262
     63== PCR Values
     64
     65Platform Configuration Registers (PCRs) are registers that represent ‘fingerprints’ of different pieces of a specific system. These pieces can be things such as the bootloader, Linux kernel, and Initramfs. If the stored PCR values in the TPM do not match the currently booting system PCRs, access will not be granted. For example, someone trying to boot a Ubuntu Live CD would not be able to access the TPM key as the PCRs generated from the original disk and stored in the TPM will not match the newly generated PCRs from the boot CD. PCRs use hashing and thus any new value is concatenated with the old and then hashed. This new hash will replace the old hash. The definition of each specific PCR register can be found online.   
     66
     67Read the PCR Values:
     68{{{
     69#!bash
     70root@jammy-venice:~# tpm2_pcrread
     71  sha1:
     72    0 : 0x0000000000000000000000000000000000000000
     73    1 : 0x0000000000000000000000000000000000000000
     74    2 : 0x0000000000000000000000000000000000000000
     75    3 : 0x0000000000000000000000000000000000000000
     76    4 : 0x0000000000000000000000000000000000000000
     77    5 : 0x0000000000000000000000000000000000000000
     78    6 : 0x0000000000000000000000000000000000000000
     79    7 : 0x0000000000000000000000000000000000000000
     80    8 : 0x0000000000000000000000000000000000000000
     81    9 : 0x0000000000000000000000000000000000000000
     82    10: 0x0000000000000000000000000000000000000000
     83    11: 0x0000000000000000000000000000000000000000
     84    12: 0x0000000000000000000000000000000000000000
     85    13: 0x0000000000000000000000000000000000000000
     86    14: 0x0000000000000000000000000000000000000000
     87    15: 0x0000000000000000000000000000000000000000
     88    16: 0x0000000000000000000000000000000000000000
     89    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     90    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     91    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     92    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     93    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     94    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
     95    23: 0x0000000000000000000000000000000000000000
     96  sha256:
     97
     98}}}
     99
     100== Clearing the TPM
     101
     102Only do this if you need to clear the TPM
     103{{{
     104tpm2_clear
     105}}}
     106