• caglararli@hotmail.com
  • 05386281520

How to reset the TPM PCRs?

Çağlar Arlı      -    11 Views
3Mar

How to reset the TPM PCRs?

I am working on the ATMEL TPM device on an embedded platform. While experimenting with the extend operation of the PCR, I extended the PCR 0 with a string of 20 bytes. As mentioned in the TPM specification, the PCRs 0-15 are resettable on reboot. On reboot, PCR 0 was not reset and the PCRs 1-15 also got modified. Here's the flow of operation which I performed and the corresponding output.

# cat /sys/class/misc/tpm0/device/pcrs

PCR-00: FD 89 A2 DE 1A 91 D7 A2 2B D1 78 7A A7 C2 77 9D E0 99 F7 C0
PCR-01: 49 20 44 4B 1E AF B2 AA 4A C1 2B D1 44 2B 82 1F 52 EC E7 4B
PCR-02: 38 53 A8 EF 61 83 59 ED 7F 7F 2E CC 7B C8 D2 F3 87 EB 7C 55
PCR-03: 2C 2F B4 2A 15 36 B2 28 C6 01 40 D8 64 D7 30 7F AA 6D 91 54
PCR-04: 2E CF 07 F9 C7 30 B4 4C EE 19 7B 0D 36 4E EE 6C F1 36 57 F6
PCR-05: 38 70 21 67 DB 54 96 54 A1 4F 45 5F 6A 32 42 EF EC 51 21 F5
PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

# ./tpm_extendpcr -i pcr.txt -p 0
# cat /sys/class/misc/tpm0/device/pcrs

PCR-00: 9A D9 2D 86 9D 81 BD 58 08 7C F7 8E C6 31 CB BF 0C 9D 0D 28
PCR-01: 49 20 44 4B 1E AF B2 AA 4A C1 2B D1 44 2B 82 1F 52 EC E7 4B
PCR-02: 38 53 A8 EF 61 83 59 ED 7F 7F 2E CC 7B C8 D2 F3 87 EB 7C 55
PCR-03: 2C 2F B4 2A 15 36 B2 28 C6 01 40 D8 64 D7 30 7F AA 6D 91 54
PCR-04: 2E CF 07 F9 C7 30 B4 4C EE 19 7B 0D 36 4E EE 6C F1 36 57 F6
PCR-05: 38 70 21 67 DB 54 96 54 A1 4F 45 5F 6A 32 42 EF EC 51 21 F5
PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

# reboot
# cat /sys/class/misc/tpm0/device/pcrs

PCR-00: 9A D9 2D 86 9D 81 BD 58 08 7C F7 8E C6 31 CB BF 0C 9D 0D 28
PCR-01: 2E 0D 03 0E 76 63 BE 09 DC 86 E8 1F 54 C2 3E 7C C7 C6 AD 9D
PCR-02: 4A A6 1A 10 8B 42 18 05 C9 61 E7 CD 1C BD 6A E9 02 F3 CC E0
PCR-03: 3A E2 33 E3 2D 76 3C A6 0D 40 BB 50 AC 28 20 CC A4 57 63 43
PCR-04: 60 19 D2 55 90 F7 D4 69 01 F2 18 1A AD 54 5A 77 11 CE 28 9E
PCR-05: 03 24 C9 EE A6 AE 65 65 51 1A 5B F2 68 2B C0 0F 56 48 80 31
PCR-06: 17 74 56 21 A9 45 7A 43 5C AD 2E 9E 96 4C EE 6B 6C EC FA 25
PCR-07: E3 0D 10 07 E5 38 19 5D 25 1E 8E 49 6E DE BF 8F AE 38 20 21
PCR-08: B9 1D 40 71 B0 AB AF 01 BD 14 1D 2B 7C 5B AF 66 9A B7 2C 00
PCR-09: D3 D4 51 B9 CA 9D FE 28 DC 5E AD 02 9A 84 44 67 49 48 0A 87
PCR-10: 6A 30 46 F0 4E DC D3 A8 A5 4F 4C 26 0F 64 63 0C 83 83 C7 3A
PCR-11: 42 5D 51 0A 0B 91 4C A3 1F 76 26 98 A8 97 8C 32 46 A0 92 6F
PCR-12: BD 7D 9D 93 C7 B2 17 80 38 E3 55 E9 45 19 3B 55 0A 3F EF 06
PCR-13: 39 0B 31 0A 42 EC 07 07 A2 02 E5 A6 D3 CB 8E BB 33 FD 7C 0D
PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

How do I reset the PCR0? I'm not able to understand why the values of PCRs 1-15 also got modified. I also tried extending on the PCR16 and it also didn't get reset on reboot.

Mart 2017
P S Ç P C C P
 12345
6789101112
13141516171819
20212223242526
2728293031  

Son Yazılar

Son Yorumlar