
How does measured boot work using TPM

Çağlar Arlı


Within the measured boot process, consider a scenario where I aim to create a measurement for a specific piece of code, perhaps, for illustrative purposes, a potentially malicious operating system. So I know that the PCR is read- and extend-only.

My understanding is that the firmware manually reads and hashes the boot loader sector, initiating the measurement (correct me if I'm wrong on this one). Subsequently, when the bootloader proceeds to measure the OS, does it engage in a similar process of manually hashing the entire OS, or does the OS autonomously measure itself? If it is the latter, what safeguards exist to prevent a malicious OS from providing a hash of a legitimate OS, creating therefore an authentic PCR? Conversely, if the former is the case, doesn't hashing the entire OS seem somewhat resource-intensive?

PS: I'm asking about this because if I want to make remote attestation of another device, how can I make sure that the PCR values are authentic and all the components in the boot chain are correct and not malicious and providing correct hashes.
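The extend-only property the question turns on can be seen in a few lines. The following is an added example, not part of the original post or of any TPM stack: it models a SHA-256 PCR bank, a boot chain in which each stage hashes the next image before handing control to it, and a remote verifier that replays the event log against the quoted PCR. The boot images, stage names and the single-PCR layout are constructed simplifications, and the quote is assumed to reach the verifier unmodified (in practice it is signed by the TPM's attestation key).

```python
import hashlib

ZERO_PCR = bytes(32)  # a SHA-256 PCR bank starts at all zeros after reset

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new = H(old || digest). There is no 'set' operation."""
    return sha256(pcr + digest)

def measured_boot(chain):
    """Each stage hashes the *next* image and extends the PCR before
    transferring control to it, so a stage never measures itself.
    Returns the final PCR value and the event log as (name, digest) pairs."""
    pcr, log = ZERO_PCR, []
    for name, image in chain:
        digest = sha256(image)
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay_log(log):
    """Verifier side: recompute the PCR from the reported event log."""
    pcr = ZERO_PCR
    for _, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr

# Constructed stand-ins for real boot images (not real binaries).
FIRMWARE, BOOTLOADER = b"firmware v1", b"bootloader v1"
GOOD_OS, EVIL_OS = b"good os kernel", b"evil os kernel"

GOLDEN_PCR, GOLDEN_LOG = measured_boot(
    [("fw", FIRMWARE), ("bl", BOOTLOADER), ("os", GOOD_OS)])

def attest(quoted_pcr, log):
    """Remote verifier: the log must replay to the PCR the TPM quoted,
    and that PCR must equal the known-good reference value."""
    return replay_log(log) == quoted_pcr and quoted_pcr == GOLDEN_PCR

def evil_boot():
    """Boot with a substituted OS image, then let it try to repair the PCR."""
    pcr, log = measured_boot(
        [("fw", FIRMWARE), ("bl", BOOTLOADER), ("os", EVIL_OS)])
    # The image was measured before it ran; extending the good OS digest
    # afterwards only moves the PCR further from the golden value.
    repaired = pcr_extend(pcr, sha256(GOOD_OS))
    # A doctored event log replays to the golden PCR, but the TPM's quoted
    # PCR no longer matches that replay, so the verifier rejects it.
    forged_log = log[:2] + [("os", sha256(GOOD_OS))]
    return pcr, repaired, forged_log
```

The verifier never trusts the OS's own claim about itself; it trusts the earlier, already-measured stage that hashed the OS image, plus the fact that the PCR can only be extended.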