https://stackoverflow.com/questions/19613658
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianI assume you mean a TPM version 1.2 on a PC platform, so the following specification documents are of interest for you:
Now to your questions:
"How to extend the running application into PCR?"
You need some piece of software that identifies "the running application" (=measure) and issue a
TPM_Extendcommand to the TPM. Usually this is done through a TSS, but you can also do that with a self written program, theTPM_Extendcommand is not that complex.Identifying means calculating a SHA-1 hash in most cases, but the TPM does not care. The description of the data you provide is:
The 160 bit value representing the event to be recorded."Which PCR can be used for it?"
This depends on your actual environment. Access to PCRs are controlled by localities. Here is a table showing which PCR can be extended in which locality:
PCR Alias (description) Extendable in localities ----------------------------------------------------------------- 0-15 Static RTM 4,3,2,1,0 16 Debug 4,3,2,1,0 17 Locality 4 4,3,2 18 Locality 3 4,3,2 19 Locality 2 3,2 20 Locality 1 3,2,1 21 Dynamic OS controlled 2 22 Dynamic OS controlled 2 23 Application Specific 4,3,2,1,0Which locality you are in depends on your environment. If you are in a Linux userspace, for exmaple, you have locality 0.
If you are designing a trusted architecture you will also have to consider how the PCRs can be reset (in which localities).
The localities are described in TCG PC Client Specific TPM Interface Specification (TIS):
Locality 4: Trusted hardware component. This is used by the D-CRTM to establish the Dynamic RTM.
Locality 3: Auxiliary components. Use of this is optional and, if used, it is implementation dependent.
Locality 2: Dynamically Launched OS (Dynamic OS) “runtime” environment.
Locality 1: An environment for use by the Dynamic OS.
Locality 0: The Static RTM, its chain of trust and its environment.
