I read that TPM takes measurements of all critical components and writes their hashes to its PCR registers at boot time.
Does the TPM also take measurements at run time, while these components are in operation?
The TPM itself does not take any measurements at all, not even at boot time. It is a place where a trust-enabled piece of code can store measurements in a tamper-proof way.
During boot, the measurements are taken by the firmware (BIOS, UEFI) and stored in the TPM. It is possible to configure your system so that additional measurements are taken after the firmware has finished, for example by a trusted boot loader.
If you are interested in extending the chain of trust further to every executed bit of code, projects like IBM's Integrity Measurement Architecture are worth looking at. However, I consider those measurements pointless. What do you do with these? There are rarely any cases where you can actually verify that a certain chain of measurements is trusted.
You may also write your own piece of software that stores measurements at any given time or use tools like jTSS, TrouSerS or IBM's libtpm tools.
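An added illustration, not part of the answer above: a Python model of the division of labour it describes, where software takes the measurement and the PCR only accepts an extend (`new = H(old || digest)`). The SHA-256 bank, the component names and their contents are assumptions constructed for the example; a verifier replays the event log against the final PCR and compares each digest with known-good reference values.

```python
import hashlib

def measure(component: bytes) -> bytes:
    # Done by the measuring software (firmware, boot loader), not by the TPM.
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # The only way to change a PCR: new = H(old || digest). It cannot be set directly.
    return hashlib.sha256(pcr + digest).digest()

def boot(components):
    """Measure each stage before it runs; return (final PCR, event log)."""
    pcr, log = bytes(32), []  # PCR is all zeros after reset
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def replay(log):
    """Recompute the PCR value that this event log would have produced."""
    pcr = bytes(32)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(pcr, log, known_good):
    """Return (log consistent with PCR, names whose digest is not known-good)."""
    consistent = replay(log) == pcr
    unknown = [n for n, d in log if known_good.get(n) != d]
    return consistent, unknown

# Constructed sample data (hypothetical component contents).
GOOD = [("firmware", b"fw v1"), ("bootloader", b"loader v1"), ("kernel", b"kernel v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD}

def demo():
    good_pcr, good_log = boot(GOOD)
    bad = [GOOD[0], ("bootloader", b"loader v1 (modified)"), GOOD[2]]
    bad_pcr, bad_log = boot(bad)
    return {
        "good": verify(good_pcr, good_log, KNOWN_GOOD),
        "modified": verify(bad_pcr, bad_log, KNOWN_GOOD),
        # Presenting the clean log for the modified boot does not match the PCR.
        "forged_log": verify(bad_pcr, good_log, KNOWN_GOOD),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The verification step depends entirely on `KNOWN_GOOD`: without reference digests for every measured component, the replay only proves the log matches the PCR, not that the measured code is trustworthy.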