TPM 1.2 only supports the SHA-1 algorithm.
Each TPM has at least 24 PCRs. The TCG Generic Server Specification, v1.0, March 2005, defines the PCR assignments for boot-time integrity measurements. The table below shows a typical PCR configuration. The context column indicates whether the values are determined by the node hardware (firmware) or by the software provisioned onto the node. Some values are influenced by firmware versions, disk sizes, and other low-level information.
Therefore, it is important to have good practices in place around configuration management to ensure that each system deployed is configured exactly as desired.
| Register | What is measured | Context |
|---|---|---|
| PCR-00 | Core Root of Trust Measurement (CRTM), BIOS code, Host platform extensions | Hardware |
| PCR-01 | Host platform configuration | Hardware |
| PCR-02 | Option ROM code | Hardware |
| PCR-03 | Option ROM configuration and data | Hardware |
| PCR-04 | Initial Program Loader (IPL) code. For example, master boot record. | Software |
| PCR-05 | IPL code configuration and data | Software |
| PCR-06 | State transition and wake events | Software |
| PCR-07 | Host platform manufacturer control | Software |
| PCR-08 | Platform specific, often kernel, kernel extensions, and drivers | Software |
| PCR-09 | Platform specific, often initramfs | Software |
| PCR-10 to PCR-23 | Platform specific | Software |
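The following Python simulation is an added example, not part of the original page: it models how a TPM 1.2 PCR is built up by the extend operation (PCR_new = SHA-1(PCR_old || measurement), starting from an all-zero register) and how a verifier compares a node's PCRs against a golden baseline taken from a correctly configured system. The boot components and their contents (`bios-v1.07`, `grub-stage1`, and so on) are constructed sample values, and which PCR each component lands in follows the table above; the function names `measure`, `extend`, `simulate_boot` and `verify` are this example's own, not a TPM library API.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

# TPM 1.2 PCRs are 20-byte SHA-1 registers, all reset to zero at power-on.
PCR_SIZE = 20
PCR_COUNT = 24

# Constructed sample boot components (hypothetical blobs, not real firmware):
# each entry is (PCR index from the table above, label, bytes hashed into that PCR).
GOOD_BOOT = [
    (0, "CRTM+BIOS", b"bios-v1.07"),
    (1, "platform-config", b"boot-order=disk,pxe"),
    (4, "MBR", b"grub-stage1"),
    (8, "kernel", b"vmlinuz-5.15"),
    (9, "initramfs", b"initramfs-5.15"),
]


def measure(data: bytes) -> bytes:
    """Digest of a component, as the firmware or boot loader would pass it to TPM_Extend."""
    return hashlib.sha1(data).digest()


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM_Extend semantics for TPM 1.2: PCR_new = SHA-1(PCR_old || digest)."""
    if len(pcr_value) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("TPM 1.2 PCR values and digests are exactly 20 bytes")
    return hashlib.sha1(pcr_value + digest).digest()


def simulate_boot(components: Iterable[Tuple[int, str, bytes]]) -> Dict[int, bytes]:
    """Replay a boot: measure each component in order and extend it into its PCR."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(PCR_COUNT)}
    for index, _label, blob in components:
        pcrs[index] = extend(pcrs[index], measure(blob))
    return pcrs


def verify(actual: Dict[int, bytes], golden: Dict[int, bytes],
           watched: Iterable[int]) -> List[int]:
    """Return the watched PCR indices whose value differs from the golden baseline."""
    return [i for i in watched if actual[i] != golden[i]]


if __name__ == "__main__":
    golden = simulate_boot(GOOD_BOOT)
    # A node whose BIOS was updated: the hardware-context PCR-00 changes, nothing else.
    new_bios = [(0, "CRTM+BIOS", b"bios-v1.08")] + GOOD_BOOT[1:]
    print("PCRs that differ from baseline:", verify(simulate_boot(new_bios), golden, range(PCR_COUNT)))
```

Two properties of the extend operation matter for the configuration-management point made above: the final PCR value depends on the exact bytes of every component measured into it and on the order in which they were measured, so a firmware update or a different disk layout on one node shifts its "hardware" PCRs away from the fleet baseline even though nothing malicious happened. A verifier therefore needs a golden value per hardware/firmware configuration, and the boot event log to work out which component caused a mismatch.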
So there are very good use cases for the TPM in ensuring secure boot and hardware integrity. Who is actually using the TPM? Many institutions that run their own private clouds have been seen using TPM chips on their servers, while many public clouds do not support the TPM. Why? That remains a mystery!