I have a question about PCRs. The TCG specs say that they must be held in the RTS (2.4 - TPM Design), does that mean that both confidentiality & integrity of PCRs is guaranteed ? Neither TCG nor your docs specify this...
The only thing that is said is that with TPM_Seal and TPM_Unseal, data is encrypted + internal hash (your doc 3.4)... but if we do not perform any TPM_Seal, what guarantees that the PCR values fixed by TPM_Extend are not modified ?
Sorry about the long delay, but the person who can answer this is currenty busy working on his Phd. He will get back to you as soon as he gets some time.
Axelle, sorry for the delay---I just had a qualifying exam last week. Confidentiality and integrity of the PCRs are not guaranteed in the general case as I understand it.
Assume I have some application which extends a value to a PCR, and then does a TPM_Seal. The Seal will encrypt the data with the TPM's secret and produce a "blob" which goes to disk. The values of the chosen PCRs at the time of sealing are containted in the blob.
When someone attempts to do a TPM_Unseal on that specific blob, they will succeed only if the chosen PCRs at the time of Unseal match the values of those PCRs at the time of Seal (remember, these values are contained in the blob itself). Note that there are some other checks, such as an integrity check of the blob itself.
If they match, the data is decrypted, otherwise the Unseal fails. So, if I seal something, Omen does an Extend one of the PCR which I have chosen in my seal, and then I try to unseal, my call will fail.
Does that answer your question?
Thanks for your reply. Actually, maybe my question should rather be redirected to some TCG mailing-list (but I don't know any public one) ;-)
If I understand well your answer, you tell me that PCRs by themselves are not necessarily secured (confidentiality, integrity), but that they are secured when somebody binds them to data using TPM_Seal or Unseal.
I don't totally agree... because
1/ I think that PCRs & the sealing mechanism are 'independant'. I mean, I could use PCRs and never seal anything... Couldn't I ? Well, at least, it would have a sense if the PCRs have integrity guaranteed.
2/ the specs of TCG do say that PCRs should be kept in the Protected Storage area. To me, this means they are encrypted and sealed (using the SRK some way or another). Unless my deduction is wrong...
- do you think I misunderstand TCG ?
- if not, do you know if the TPM you used enforces this integrity for PCRs one way or another ? or do you, in the enforcer module, enforce this integrity ?
Log in to post a comment.