Skip to content

Appendix

PCR Definitions

Red Had Enterprise Linux

TPM 2.0

PCR Measurement Parameters Description Operating System
PCR 0

BIOS ROM and Flash Image

Initial Boot Block (Intel® BootGuard only)

This PCR is based solely on the BIOS version, and remains identical across all hosts using the same BIOS. This PCR is used as the PLATFORM Flavor.

(Intel® BootGuard only): Extends measurements based on the Intel® BootGuard profile configuration and production vs non-production ACM flags; ACM signature; BootGuard key manifest hash; Boot Policy Manifest Signature

  • All
PCR 7 Intel® BootGuard configuration and profiles Describes the success of the IBB measurement event.

  • All (Intel® BootGuard only)
PCR 17 ACM BIOS AC registration information
Digest of Processor S-CRTM
Digest of Policycontrol
Digest of all matching elements used by the policy
Digest of STM
Digest of Capability field of OsSinitData
Digest of MLE
For TA hosts, this PCR includes measurements of the OS, InitRD, and UUID. This changes with every install due to InitRD and UUID change.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 18 MLE [Tboot +VMM] Digest of public key modulus used to verify SINIT signature
Digest of Processor S-CRTM
Digest of Capability field of OSSinitData table
Digest of PolicyControl field of used policy
Digest of LCP

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 19

OS Specific.

  • ESX and Trust Agent — non Kernel modules

  • Citrix Xen — OS

  • + Init RD + UUID

For ESXi and Trust Agent hosts, this PCR contains individual measurements of all of the non-Kernel modules.

For Linux hosts, this PCR is a measurement of the OS, InitRD, and UUID.

  • VMware ESXi

  • Red Hat Enterprise Linux

VMWare ESXi

TPM 1.2

PCR Measurement Parameters Description Operating System
PCR 0 BIOS ROM and Flash Image This PCR is based solely on the BIOS version, and remains identical across all hosts using the same BIOS. This PCR is used as the PLATFORM Flavor.

  • All
PCR 17 ACM This PCR measures the SINIT ACM, and is hardware platform-specific. This PCR is part of the PLATFORM Flavor.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 18 MLE [Tboot +VMM] This PCR measures the tboot and hypervisor version. In ESXi hosts, only the tboot version is measured.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 19

OS Specific.

  • ESX and Trust Agent — non Kernel modules

  • Citrix Xen — OS

  • + Init RD + UUID

For ESXi and Trust Agent hosts, this PCR contains individual measurements of all of the non-Kernel modules.

For Citrix Xen hosts, this PCR is a measurement of the OS, InitRD, and UUID.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 20

For ESXi only.

VM Kernel and VMK Boot

 This PCR is used only by ESXi hosts and is blank for all other host types.

  • VMware ESXi
PCR 22 Asset Tag This PCR contains the measurement of the SHA1 of the Asset Tag Certificate provisioned to the TPM, if any.

  • VMware ESXi

TPM 2.0

VMWare supports TPM 2.0 with Intel TXT starting in vSphere 6.7 Update 1. Earlier versions will support TPM 1.2 only.

PCR Measurement Parameters Description Operating System
PCR 0 BIOS ROM and Flash Image This PCR is based solely on the BIOS version, and remains identical across all hosts using the same BIOS. This PCR is used as part of the PLATFORM flavor.

  • All
PCR 17 ACM This PCR measures the SINIT ACM, and is hardware platform-specific. This PCR is part of the PLATFORM Flavor.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 18 MLE [Tboot +VMM] This PCR measures the tboot and hypervisor version. In ESXi hosts, only the tboot version is measured. This PCR is part of the PLATFORM Flavor.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 19

OS Specific.

  • ESX and Trust Agent — non Kernel modules

  • Citrix Xen — OS

  • + Init RD + UUID

 For ESXi this PCR contains individual measurements of all of the non-Kernel modules – this includes all of the VIBs installed on the ESXi host. This is part of the OS flavor. Note that two ESXi hosts with the same version of ESXi installed may require different OS flavors if different VIBs are installed.

  • VMware ESXi

  • Red Hat Enterprise Linux
PCR 20

For ESXi only.

VM Kernel and VMK Boot

 This PCR is used only by ESXi hosts for some host-specific measurements, and is part of the host-unique flavor.

  • VMware ESXi
PCR 22 Asset Tag Asset Tag is not currently supported for TPM 2.0 with ESXi.

  • VMware ESXi

Attestation Rules

Platform TPM Flavor Type Rules to be verified Comments
RHEL 2.0 HARDWARE

PcrMatchesConstant rule for PCR 0

PcrEventLogIncludes rule for PCR 17 (LCP_DETAILS_HASH, BIOSAC_REG_DATA, OSSINITDATA_CAP_HASH, STM_HASH, MLE_HASH, NV_INFO_HASH, tb_policy, CPU_SCRTM_STAT, HASH_START, LCP_CONTROL_HASH)

PcrEventLogIntegrity rule for PCR 17

Evaluation of PcrEventLogIncludes would not include initrd and vmlinuz modules. They would be handled in host_specific flavor.

Evaluation of PcrEventLogIntegrity rule would also include OS modules (initrd & vmlinuz)
OS PcrEventLogIntegrity rule for PCR 17
ASSET_TAG AssetTagMatches rule
HOST_SPECIFIC PcrEventLogIncludes rule for PCR 17 (initrd & vmlinuz)
VMware ESXi 1.2 PLATFORM

PcrMatchesConstant rule for PCR 0

PcrMatchesConstant rule for PCR 17
OS

PcrMatchesConstant rule for PCR 18

PcrMatchesConstant rule for PCR 20

PcrEventLogEqualsExcluding rule for PCR 19 (excludes dynamic modules based on component name)

PcrEventLogIntegrity rule for PCR 19
ASSET_TAG PcrMatchesConstant rule for PCR 22
VMware ESXi 2.0 NOT SUPPORTED
Windows 1.2 PLATFORM PcrMatchesConstant rule for PCR 0
OS

PcrMatchesConstant rule for PCR 13

PcrMatchesConstant rule for PCR 14
ASSET_TAG AssetTagMatches rule
Windows 2.0 PLATFORM PcrMatchesConstant rule for PCR 0
OS

PcrMatchesConstant rule for PCR 13

PcrMatchesConstant rule for PCR 14
ASSET_TAG AssetTagMatches rule AssetTagMatches rule needs to be updated to verify the key-value pairs after verifying the tag certificate.
Back to top