I want to have all PCRs (0-23) in both the sha1 and sha256 banks, but currently only sha256 is populated; the sha1 bank exists but is empty. tpm2_pcrread outputs:

  sha1:
  sha256:
    0 : 0xC373FA10837B62B48E9CA87E5F31440FCDC8F5C51FB1BF0FC72D4E241E680ABC
    1 : 0x6182DB76DAE2E1F0540C5EFAB413141D2F1957BA4F1344087A744CD36B34D1A1
    2 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0x30FBEFFB0D106992F28146DEDF62A2154164585F9606ACBDAB9FD4FA89806FD9
    5 : 0x514DDD32584089DC386AD6C28FD03B70D42AAE7B7029A0899A9287BE6646D7EB
    6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    7 : 0x65CAF8DD1E0EA7A6347B635D2B379C93B9A1351EDC2AFC3ECDA700E534EB3068
    8 : 0x0000000000000000000000000000000000000000000000000000000000000000
    9 : 0x0000000000000000000000000000000000000000000000000000000000000000
    10: 0xA63AFE1C978C162B2D0BCEC08ABC0D1F31D7988D7A9F3CC0AB9A48A34399573A
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x0000000000000000000000000000000000000000000000000000000000000000
    13: 0x0000000000000000000000000000000000000000000000000000000000000000
    14: 0x0000000000000000000000000000000000000000000000000000000000000000
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    23: 0x0000000000000000000000000000000000000000000000000000000000000000

I tried tpm2_pcrallocate, because, as written here, by default it allocates sha1 and sha256:

If no allocation is given, then SHA1 and SHA256 banks with PCRs 0 - 23 are allocated.

but I got an error message instead:

  WARNING:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:321:Esys_PCR_Allocate_Finish() Received TPM Error
  ERROR:esys:src/tss2-esys/api/Esys_PCR_Allocate.c:114:Esys_PCR_Allocate() Esys Finish ErrorCode (0x000009a2)
  ERROR: Could not allocate PCRs.
  ERROR: Esys_PCR_Allocate(0x9A2) - tpm:session(1):authorization failure without DA implications
  ERROR: Unable to run tpm2_pcrallocate

AFAIK, for TPM 1.2 this is not possible because of the "hard-coded" hash algorithm, but for TPM 2.0 (which I have) I'm able to choose several algorithms for PCR banks.

So, can you help me solve this issue?

k1r1t0

1 Answer

This can only be changed through system firmware – the operation done by tpm2_pcrallocate requires "platform" authorization, which means it can only be performed by system firmware and not by the OS.

(The purpose of having such commands in /bin is for use with software TPM emulators that start in a completely empty state – e.g. QEMU may act in the "platform" role to configure swtpm before booting up a VM – but they're useless against physical TPMs where the real firmware has already initialized the TPM by the time any user-controlled code starts.

Besides that, it would be pointless to change PCR allocations once the system is already up and running, because you would only get all-zeros PCRs with no events logged to them; what makes PCR values useful is the events logged by firmware and bootloaders before the OS starts.)

It seems that TCG EFI protocol (available to bootloaders) has the SetActivePcrBanks() function which is supposed to tell the firmware to start allocating different PCR banks starting with next reboot, but I don't know any existing tools which would let you conveniently call this function.

AFAIK, for TPM 1.2 this is not possible because of the "hard-coded" hash algorithm, but for TPM 2.0 (which I have) I'm able to choose several algorithms for PCR banks.

Yes, but no – what this means is that the APIs and data structures support algorithm flexibility, allowing the TPM to support non-SHA1 algorithms (and/or more than one algorithm at a time) – e.g. the "extend value" field in the TCG Event Log has been changed from a fixed 20-byte field to a variable-length array of variable-length hashes – however, it does not necessarily mean that the number of available algorithms must be more than one.

The TCG "PC Client Platform Profile for TPM 2.0" specification lists two hash algorithms as mandatory to implement, but it's the firmware that chooses which ones to actually enable at boot time (and it's permitted for a TPM to support fewer active banks than algorithms). Note that SHA-1 is no longer a "mandatory" algorithm – it has been replaced with SHA-384 in more recent versions of the specification, so it's entirely compliant to have a system that only offers SHA-256 but not SHA-1.

grawity
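As an added illustration of two points in the answer above (not code from the question, the answer, or tpm2-tools): a TCG_PCR_EVENT2 record carries a variable-length list of per-bank digests rather than one fixed 20-byte SHA-1, and a bank that no event was ever logged into stays at its reset value when the log is replayed. The sample log and event data are constructed here; record and reset-value layouts follow the TCG PC Client Platform Profile.

```python
import hashlib
import struct

# TPM_ALG_ID values for the two banks discussed above (TPM 2.0 Part 2).
ALG_ID = {"sha1": 0x0004, "sha256": 0x000B}
ALG_NAME = {v: k for k, v in ALG_ID.items()}
DIGEST_LEN = {"sha1": 20, "sha256": 32}


def build_event2(pcr, event_type, data, banks):
    """Encode one TCG_PCR_EVENT2 record. The digest field is a
    TPML_DIGEST_VALUES: count, then algId||digest per bank."""
    rec = struct.pack("<III", pcr, event_type, len(banks))
    for bank in banks:
        rec += struct.pack("<H", ALG_ID[bank]) + hashlib.new(bank, data).digest()
    return rec + struct.pack("<I", len(data)) + data


def parse_event2(buf, off):
    """Decode the record at `off`; return (pcr, {bank: digest}, data), next offset."""
    pcr, _event_type, count = struct.unpack_from("<III", buf, off)
    off += 12
    digests = {}
    for _ in range(count):
        (alg_id,) = struct.unpack_from("<H", buf, off)
        bank = ALG_NAME[alg_id]
        off += 2
        digests[bank] = buf[off:off + DIGEST_LEN[bank]]
        off += DIGEST_LEN[bank]
    (size,) = struct.unpack_from("<I", buf, off)
    off += 4
    return (pcr, digests, buf[off:off + size]), off + size


def replay(log, banks=("sha1", "sha256")):
    """Replay a log into per-bank PCR values from the PC Client reset values
    (PCR 0-16 and 23 all zeros, PCR 17-22 all ones). A bank that no record
    carries a digest for keeps its reset value, i.e. an all-zeros PCR."""
    pcrs = {b: {i: (b"\xff" if 17 <= i <= 22 else b"\x00") * DIGEST_LEN[b]
                for i in range(24)} for b in banks}
    off = 0
    while off < len(log):
        (pcr, digests, _), off = parse_event2(log, off)
        for bank, digest in digests.items():
            if bank in pcrs:  # PCR extend: new = H(old || digest)
                pcrs[bank][pcr] = hashlib.new(bank, pcrs[bank][pcr] + digest).digest()
    return pcrs


# Constructed sample log (not from the asker's machine): firmware logs one event
# into both banks; a later component logs only into sha256.
SAMPLE_LOG = (build_event2(0, 0x00000008, b"EV_S_CRTM_VERSION", ("sha1", "sha256"))
              + build_event2(7, 0x80000001, b"SecureBoot", ("sha256",)))
```

Running `replay(SAMPLE_LOG)` on a real log pulled from /sys/kernel/security/tpm0/binary_bios_measurements (after skipping its SHA-1-format header record) is how attestation verifiers check that tpm2_pcrread values are explained by the logged events.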