您的位置: 首页  >  技术问答  >  如何将正在运行的应用程序扩展到PCR?

如何将正在运行的应用程序扩展到PCR?

分类: 技术问答 2022-07-14 17:21:03
问题描述:

如何将正在运行的应用程序扩展到PCR?可以使用哪种PCR?

How to extend the running application into PCR? and Which PCR can be used for it?

我假设您的意思是PC平台上的TPM版本1.2,所以您会感兴趣以下规范文档:

I assume you mean a TPM version 1.2 on a PC platform, so the following specification documents are of interest for you:

  • TPM Main Part 2 TPM Structures
  • TCG PC Client Specific TPM Interface Specification (TIS)

现在您的问题是

  1. 如何将正在运行的应用程序扩展到PCR?"

  1. "How to extend the running application into PCR?"

您需要一些用于识别"正在运行的应用程序"(= 措施)的软件 并向TPM发出TPM_Extend命令.通常,这是通过TSS完成的,但是 您也可以使用自己编写的程序来执行此操作,TPM_Extend命令不是 复杂.

You need some piece of software that identifies "the running application" (=measure) and issue a TPM_Extend command to the TPM. Usually this is done through a TSS, but you can also do that with a self written program, the TPM_Extend command is not that complex.

识别表示在大多数情况下计算SHA-1哈希,但是TPM不在乎.这 您提供的数据的说明是:

Identifying means calculating a SHA-1 hash in most cases, but the TPM does not care. The description of the data you provide is:

The 160 bit value representing the event to be recorded.

  • 可以使用哪种PCR?"

  • "Which PCR can be used for it?"

    这取决于您的实际环境.通过位置控制对PCR的访问. 下表显示了可以在哪个位置扩展哪个PCR:

    This depends on your actual environment. Access to PCRs are controlled by localities. Here is a table showing which PCR can be extended in which locality:

    PCR       Alias (description)         Extendable in localities
-----------------------------------------------------------------
0-15      Static RTM                  4,3,2,1,0
16        Debug                       4,3,2,1,0
17        Locality 4                  4,3,2
18        Locality 3                  4,3,2
19        Locality 2                    3,2
20        Locality 1                    3,2,1
21        Dynamic OS controlled           2
22        Dynamic OS controlled           2
23        Application Specific        4,3,2,1,0

    您所处的位置取决于您的环境.如果您在Linux用户空间中, 例如,您的地区为0.

    Which locality you are in depends on your environment. If you are in a Linux userspace, for exmaple, you have locality 0.

    如果您要设计一个受信任的体系结构,则还必须考虑PCR的方式 可以重置(在哪个位置).

    If you are designing a trusted architecture you will also have to consider how the PCRs can be reset (in which localities).

    TCG PC客户端特定的TPM接口中描述了位置. 规范(TIS) :

    The localities are described in TCG PC Client Specific TPM Interface Specification (TIS):

    • 位置4:受信任的硬件组件. D-CRTM使用它来建立 动态RTM.

    • Locality 4: Trusted hardware component. This is used by the D-CRTM to establish the Dynamic RTM.

    位置3:辅助组件.使用此为可选,如果使用,则为 取决于实现.

    Locality 3: Auxiliary components. Use of this is optional and, if used, it is implementation dependent.

    位置2:动态启动的OS(动态OS)运行时"环境.

    Locality 2: Dynamically Launched OS (Dynamic OS) "runtime" environment.

    位置1:动态OS使用的环境.

    Locality 1: An environment for use by the Dynamic OS.

    位置0:静态RTM,其信任链和环境.

    Locality 0: The Static RTM, its chain of trust and its environment.

    • 相关推荐