[tboot-devel] Calculation of PCR 17

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi!

Now I'm trying to calculate PCR 17 by hand. I'm making only little progress on that issue. Here's 
what I'm doing, there are some Questions in there, what I haven't understood. The informations below 
are based on "Measured Launched Environment Developer's Guide - June 2008".

1) Set PCR to all 0s

2) Extend ( SHA-1( SinitMleData.SinitHash | SinitMleData.EdxSenterFlags ) )
   2a) concatenate SinitMleData.SinitHash and SinitMleData.EdxSenterFlags
       *) EdxSenterFlags are reported to be 0x00000000 - is that right?
       *) how can I calculate SinitHash on my own? tboot copies hole SINIT image to memory, but
          a hash over the image file isn't the same as SinitMleData.SinitHash

3) MLE Developer's Guide says that all other items are concatenated and extended at one single 
extend. Is that right?
   3a) MLE Dev Guid says "SHA-1 hash of BIOS ACM - SinitMleData.BiosAcmID"
       *) SinitMleData.BiosAcmID is not a hash, must it be hashed or not before concatenation?
       *) Where can I get the BiosAcmID of a system?
   3b) MsegValid is 8 byte data, but has only two possible values, 0x0 and 0x1, right?
       The only purpose is to indicate whether StmHash is a hash or 0s, right?
   3c) How is determined whether OsSinitData.Capabilities is extended or not?

4) tboot seems to extend SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash after ML to PCR 17
    too. Why extend a second time?

any help would be appreciated,
greetz Michael