From: Bill M. <bm...@va...> - 2013-09-10 16:03:44
Someone please tell me if I was under the false impression that during stages of the boot, the bootloader would verify the PCR contents match certain values, like PCR 14 matches the kernel and modules.

What I have seen: PCRs 12, 13, and 14 do not always stay the same between boots of the system, based on alternative boots and checkfiles specified in menu.lst. Moreover, the verification of the PCRs seems to be done outside of TrustedGRUB. Perhaps with an encrypted file of expected PCRs? A program can always get the PCRs by reading /sys/class/misc/tpm0/device/pcrs

One excerpt from http://resources.infosecinstitute.com/linux-tpm-encryption-initializing-and-using-the-tpm/

"TrustedGRUB is an extension to a normal GRUB boot loader, which has been modified to support the TPM. We can use TrustedGRUB to connect to the TPM and measure the binary configuration and store the resulting measurements in the Platform Configuration Registers (PCR) in the TPM. These registers can then be used to verify the software configuration running on the TPM-enabled platform."

When he says these registers CAN BE USED TO VERIFY, he seems to be saying the verification is done outside TrustedGRUB.

Excerpt from http://courses.cs.washington.edu/courses/cse550/10au/other_for_site/cse551_final_paper_draft5_final.pdf:

3.1 Verifying That Registers Change

Using TPM tools once the operating system has booted, we are able to do some basic functions with the TPM from the command line. One important thing to observe is that the hashed values in the PCRs actually change when the code being loaded changes. TrustedGRUB gives us options of which kernel and modules to load. By selecting two different kernels to load from the boot-menu, we have verified that the hashes change. Figure 3 illustrates the PCR digest from two different boots with different kernels being loaded. Changes are highlighted in bold. As expected, PCRs 12 and 14 are different. PCR12 is the hash of the command line arguments selected from the boot menu and PCR 14 is the hash of the kernel code being loaded. Similarly we observed that adding a three line script to a directory of startup programs changed PCR-14 thus validating that small changes result in different hashes as well as large changes like loading a different kernel.

[Figure 3: digests of PCR-00 through PCR-15 from two boots, Kernel: 2.6.28-16-generic and Kernel: 2.6.28-11-generic]

Note that PCRs 12 and 14 are different between the two.
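An added example, not part of the original post and not TrustedGRUB code: the TPM 1.2 extend operation, plus a comparison of a PCR dump in the "PCR-NN: XX XX ..." layout quoted above against a stored baseline. All function names, the sample command lines and the kernel bytes are constructed, and measuring exactly one item into each PCR is a simplifying assumption.

```python
import hashlib
import re

# Line layout as in the quoted dump: "PCR-NN:" then 20 hex bytes (SHA-1, TPM 1.2).
PCR_LINE = re.compile(r"^PCR-(\d{2}):((?: [0-9A-Fa-f]{2}){20})$")

def parse_pcrs(text):
    """Parse a PCR dump into {index: 20-byte value}; non-matching lines are skipped."""
    pcrs = {}
    for line in text.splitlines():
        m = PCR_LINE.match(line.strip())
        if m:
            pcrs[int(m.group(1))] = bytes.fromhex(m.group(2).replace(" ", ""))
    return pcrs

def render(pcrs):
    """Inverse of parse_pcrs, used here to build the constructed sample dumps."""
    return "\n".join("PCR-%02d: %s" % (i, " ".join("%02X" % b for b in v))
                     for i, v in sorted(pcrs.items()))

def extend(pcr, data):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(measured data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()

def replay(measurements):
    """Replay measurements, in order, into a PCR that starts at 20 zero bytes."""
    pcr = bytes(20)
    for data in measurements:
        pcr = extend(pcr, data)
    return pcr

def mismatches(current, expected):
    """Indices whose current value differs from, or is missing against, the baseline."""
    return sorted(i for i, v in expected.items() if current.get(i) != v)

def sample_boot(cmdline, kernel):
    """Constructed boot: PCR 12 <- command line, PCR 14 <- kernel, PCR 13 unused."""
    return render({12: replay([cmdline]), 13: bytes(20), 14: replay([kernel])})

# Constructed inputs, not real kernel images or real PCR values.
BASELINE = parse_pcrs(sample_boot(b"root=/dev/sda1 ro", b"kernel-image-A"))
OTHER = parse_pcrs(sample_boot(b"root=/dev/sda1 ro single", b"kernel-image-B"))

if __name__ == "__main__":
    print("PCRs differing from baseline:", mismatches(OTHER, BASELINE))
```

Because each extend hashes the previous PCR value together with the new measurement, the final value depends on every measurement and on their order, so a baseline only matches a boot that loaded the same items in the same sequence.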