Understanding TPM 2.0 and Platform Configuration Registers (PCRs)

Posted on by Eric Ma In Systems 101, Tutorial

The Trusted Platform Module (TPM) 2.0 is a hardware-based security feature designed to enhance the integrity and security of computing systems. It is an international standard defined by the Trusted Computing Group (TCG) and is implemented as a dedicated chip or firmware module on a computer’s motherboard. The TPM provides cryptographic functions, secure storage, and measurement capabilities, enabling a variety of security applications, including secure boot, disk encryption, remote attestation, and more.

TPM 2.0 is an evolution of the earlier TPM 1.2 standard, with additional flexibility, extended cryptographic algorithms, and a more robust architecture. Among its core features, Platform Configuration Registers (PCRs) are critical for enabling integrity measurement and reporting.

Key Features of TPM 2.0

Cryptographic Operations:

  • Key Generation and Storage: TPM 2.0 can securely generate and store cryptographic keys. These keys are never exposed outside the TPM, ensuring they remain secure.
  • Hashing and Signing: It supports hashing algorithms (e.g., SHA-256) and is capable of cryptographic signing.
  • Encryption and Decryption: TPM 2.0 supports encryption and decryption using symmetric and asymmetric keys.
  • Support for Multiple Algorithms: TPM 2.0 supports modern cryptographic algorithms like ECC (Elliptic Curve Cryptography), RSA, and SHA-256, with flexibility for future algorithms.

Secure Storage:

  • The TPM can securely store sensitive information, such as cryptographic keys, certificates, and measurements, in a way that ensures confidentiality and integrity.

Attestation:

  • TPM 2.0 enables the concept of attestation, where the state of a system is cryptographically signed and can be verified by another entity (e.g., a remote server). This is done by leveraging Platform Configuration Registers (PCRs).

Random Number Generation:

  • TPM 2.0 includes a hardware-based random number generator (RNG) to generate cryptographic-quality random numbers.

Platform Integrity:

  • Through PCRs, TPM can measure and record the integrity of software and hardware components during the boot process and runtime.

Platform Configuration Registers (PCRs)

What Are PCRs?

Platform Configuration Registers (PCRs) are special-purpose registers inside the TPM that store cryptographic “measurements” of the system’s state. These measurements are essentially hash values that represent the integrity of specific components (e.g., firmware, bootloader, operating system). PCRs are used in processes like Secure Boot, Measured Boot, and Remote Attestation to ensure that the system has not been tampered with.

Each PCR is a 256-bit register (in TPM 2.0, typically using SHA-256) and is initialized to a default value (usually all zeros) at system startup. PCRs cannot be arbitrarily written to but are updated using a specific cryptographic operation called Extend.

PCR Extend Operation

The Extend operation is the mechanism by which PCRs are updated. Instead of replacing the current value of the PCR, the TPM performs a cryptographic hash operation to “extend” the PCR’s value. This ensures that historical measurements cannot be overwritten or tampered with.

The formula for the Extend operation is:

PCR[n] = Hash(PCR[n] || NewMeasurement)

Where:

  • PCR[n] is the current value of the PCR.
  • NewMeasurement is the new hash measurement being added.
  • Hash is the cryptographic hash function used (e.g., SHA-256).
  • || is the concatenation operator.

This process ensures that the order of measurements is preserved, and the PCR value becomes a cumulative representation of all measurements made so far.

PCR Structure and Indexing

In TPM 2.0, there are typically 24 PCRs available, though this number can vary depending on the implementation. These registers are divided into banks based on different hash algorithms. For example:

  • A SHA-1 PCR bank may have 24 PCRs.
  • A SHA-256 PCR bank may have another 24 PCRs.

Each PCR is identified by an index number (e.g., PCR[0], PCR[1], …, PCR[23]). The specific purpose and usage of each PCR index are defined by platform specifications and OEM implementations.

Common PCR Usage:

  • PCR[0]: Measurements of the BIOS/UEFI firmware.
  • PCR[1]: Measurements of the bootloader.
  • PCR[2]: Configuration data.
  • PCR[3]: Operating system kernel.
  • PCR[4]: Boot drivers.
  • PCR[5-7]: Reserved for OEM or platform-specific use.
  • PCR[8-15]: Typically reserved for runtime measurements (e.g., application states).
  • PCR[16-23]: Vendor-specific or application-specific usage.

PCR Usage in Security Applications

Secure Boot and Measured Boot:

  • During the boot process, each stage (e.g., UEFI firmware, bootloader, OS) is measured (hashed) and the result is extended into specific PCRs.
  • If any component is modified, the hash will change, resulting in a different PCR value. This ensures that unauthorized changes to the boot process can be detected.

Remote Attestation:

  • PCRs are used to generate a cryptographic proof of the system state. This proof, called a quote, is signed by the TPM’s Attestation Key (AK) and can be sent to a remote verifier.
  • The verifier checks the PCR values to ensure the system is in a trusted state.

Sealing:

  • TPM 2.0 can “seal” sensitive data by binding it to a specific PCR state. The sealed data can only be decrypted if the PCR values match the expected state, ensuring that the data remains secure if the system is tampered with.

Advanced Details: PCR Banks and Algorithms

PCR Banks

PCR banks allow the TPM to maintain multiple sets of PCRs, each using a different hash algorithm. This feature enables flexibility in adopting newer cryptographic standards while maintaining backward compatibility.

For example:

  • A TPM may have PCR banks for SHA-1, SHA-256, and SHA-384.
  • A single PCR index (e.g., PCR[0]) will have separate values for each algorithm, depending on the measurements extended into it.

Algorithm Agility

TPM 2.0 supports algorithm agility, meaning that the hash algorithms used for PCR operations can be selected based on the security requirements of the system. This is particularly important as older algorithms like SHA-1 are phased out in favor of stronger algorithms like SHA-256 or SHA-384.

PCR Manipulation and Access

Reading PCR Values

PCR values can be read using TPM commands, such as:

  • TPM2_PCR_Read: Retrieves the current value of one or more PCRs.
  • TPM2_PCR_Event: Records an event and extends the corresponding PCR.

Resetting PCRs

Certain PCRs (typically runtime PCRs like PCR[16-23]) can be reset to their default value (all zeros). This is done using the TPM2_PCR_Reset command, but only if the PCR has been configured to allow resets.

Security Implications of PCRs

Tamper Resistance:

  • PCRs are stored in the TPM and cannot be modified directly. The cryptographic Extend operation ensures that measurements cannot be overwritten or erased.

Replay Prevention:

  • The cumulative nature of PCR Extend ensures that the order and integrity of measurements are preserved. Any attempt to replay an old measurement will result in a different PCR value.

Hardware Root of Trust:

  • PCRs provide a hardware-enforced root of trust for measurement, ensuring that system integrity can be reliably verified.

Conclusion

TPM 2.0 and its Platform Configuration Registers (PCRs) play a crucial role in modern system security by enabling robust integrity measurement, secure storage, and attestation capabilities. PCRs, through the cryptographic Extend operation, ensure that system states can be measured and verified in a secure and tamper-resistant manner. By leveraging these features, organizations can implement secure boot, measured boot, and remote attestation, among other critical security functionalities.

As computing systems face ever-evolving threats, TPM 2.0 and PCRs will remain foundational technologies for ensuring trust and security in hardware and software environments.

Read more:

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

Leave a Reply

Your email address will not be published. Required fields are marked *