TL;DR
TPM Platform Configuration Registers (PCRs) are volatile: the TPM resets them to fixed initial values every time it is reset (normally at platform power-on), and after that they can only be extended, never written. They look stable across reboots because firmware measures the same boot components in the same order each time, so the same values are reproduced. Change a measured component (firmware, boot loader, configuration, Secure Boot state) and the affected PCR values differ at the next boot, and anything sealed to the old values, such as a BitLocker key, becomes unavailable until a recovery key is supplied.
Understanding TPM PCRs
TPM PCRs are the core of measured boot, which is what makes TPM-backed disk encryption and remote attestation possible. They record what was loaded during boot so that the TPM can release a secret (such as a disk encryption key) only if the boot looked as expected, or report the boot state to a remote verifier. Here's how they work:
- What they store: PCRs don't store the components themselves. Each one holds a running hash (a hash chain) over the digests of boot components: firmware, boot loaders, kernel, configuration data. Every new measurement is folded into the current value rather than replacing it.
- Registers: a bank has 24 PCRs, numbered 0-23, and the TCG PC Client specification assigns each a role: PCR 0 firmware code, PCR 1 firmware configuration, PCRs 2-3 UEFI drivers and option ROMs, PCRs 4-5 the boot manager and its configuration, PCR 7 Secure Boot policy, PCRs 8-15 for the operating system, 16 and 23 for debug and application use.
- Reproducible, not persistent: the registers are cleared at every reset, but a boot that loads the same components in the same order produces the same values, which is what makes them a reliable record of what was loaded.
Are PCRs Volatile?
The short answer is yes. PCRs are volatile registers: the TPM resets them to fixed initial values on every TPM Reset (normally a platform power cycle), and what survives a reboot is not the values but the boot chain that re-creates them.
- Normal operation: after reset, most PCRs hold all zeros (the D-RTM range, PCRs 17-22, starts as all ones). Firmware, then the boot loader, then the OS measure each component and extend the matching PCR: PCR[i] = H(PCR[i] || digest). Extend is one-way and order-sensitive, so a PCR cannot be set to a chosen value; the only way to reach a given value is to feed in the same digests in the same order. A system that boots the same way therefore shows the same PCRs every time, which is the persistence people usually mean when they ask this question.
- Events that reset or change PCR values:
- TPM Reset: the normal case. Every reboot returns all PCRs to their initial values before firmware starts measuring again.
- Resettable PCRs: PCR 16 (debug) and PCR 23 (application) can be reset by software with TPM2_PCR_Reset, so never seal secrets to them.
- TPM Clear: TPM2_Clear (tpm2_clear, or the "clear TPM" option in firmware setup) does not touch the PCRs. It replaces the storage primary seed and deletes keys and NV data under the owner hierarchy, so any key that guarded data sealed to PCR values is gone and must be re-created (BitLocker has to be re-provisioned, for example). It is typically done during re-imaging or when a machine changes hands.
- Firmware (BIOS/UEFI) updates: the new firmware code measures differently, so PCR 0 (and often 2 and 3, for drivers and option ROMs) changes at the next boot. Nothing is "invalidated" inside the TPM; the values simply differ from the ones a secret was sealed against.
- Firmware configuration and boot-order changes: these are measured into PCR 1, so a changed BIOS setting or boot order changes PCR 1.
- Boot loader, kernel and Secure Boot changes: updates to shim, GRUB or bootmgr move PCR 4 and the OS-owned PCRs; enabling or disabling Secure Boot, rotating keys or updating dbx moves PCR 7.
- TPM firmware updates: vendor updates usually require the TPM to be cleared first and the platform rebooted, so sealed data must be re-created afterwards, as with TPM Clear.
- Physical and reset attacks: reset attacks, where a discrete TPM is reset without resetting the host and then re-extended with chosen values, have been demonstrated against older bus-attached TPMs. Current platforms and firmware TPMs mitigate this and the chips are tamper-resistant, but a PCR only ever attests what the TPM was told: the measuring code (the CRTM in firmware) must itself be trustworthy.
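The extend rule above, as an added example (Python written for this page, not code from tpm2-tools or any TPM vendor): a toy SHA-256 PCR bank that is reset, re-extended from a constructed event log, and compared across boots. The boot events are placeholders, not real firmware digests, and the all-zeros initial value for every register is a simplification. It shows the three properties the list relies on: the same boot reproduces the same values after a reset, a changed component changes exactly the PCR it is measured into, and extend is order-sensitive.

```python
import hashlib

PCR_COUNT = 24
DIGEST_LEN = hashlib.sha256().digest_size  # 32 for the SHA-256 bank


def initial_pcrs():
    """Register contents right after TPM Reset (power-on).

    Simplified: every register starts as all-zeros. The real PC Client
    profile starts the D-RTM range (17-22) as all-ones; that detail does
    not affect the point shown here.
    """
    return [bytes(DIGEST_LEN) for _ in range(PCR_COUNT)]


def extend(pcrs, index, digest):
    """TPM2_PCR_Extend semantics: PCR[i] = H(PCR[i] || digest).

    There is no 'write' operation; a PCR can only go back to its initial
    value through TPM Reset or move forward through another extend.
    """
    if not (0 <= index < PCR_COUNT) or len(digest) != DIGEST_LEN:
        raise ValueError("bad PCR index or digest length")
    pcrs[index] = hashlib.sha256(pcrs[index] + digest).digest()


def replay(event_log):
    """Rebuild the whole bank from an ordered list of (pcr_index, data)
    events: what firmware does on every boot, and what an attestation
    verifier does with the event log."""
    pcrs = initial_pcrs()
    for index, data in event_log:
        extend(pcrs, index, hashlib.sha256(data).digest())
    return pcrs


def changed_pcrs(log_a, log_b):
    """Indices whose final values differ between two boots."""
    a, b = replay(log_a), replay(log_b)
    return [i for i in range(PCR_COUNT) if a[i] != b[i]]


def as_hex(pcrs):
    """Hex view of every register that was extended at least once."""
    return {i: v.hex() for i, v in enumerate(pcrs) if v != bytes(DIGEST_LEN)}


# Constructed stand-in for a UEFI boot. The byte strings are placeholders,
# not real firmware or boot-loader images.
BASELINE_BOOT = [
    (0, b"uefi-firmware-1.0"),    # platform firmware code
    (1, b"BootOrder=0001,0002"),  # firmware configuration / boot variables
    (7, b"SecureBoot=1;db=OEM"),  # Secure Boot policy
    (4, b"shimx64.efi"),          # boot manager / loader code ...
    (4, b"grubx64.efi"),          # ... extended again by the next stage
]

if __name__ == "__main__":
    # Same boot twice: identical values, even though the registers were reset.
    assert replay(BASELINE_BOOT) == replay(BASELINE_BOOT)
    # Firmware update: only PCR 0 moves.
    updated = [(0, b"uefi-firmware-1.1")] + BASELINE_BOOT[1:]
    print("firmware update changed:", changed_pcrs(BASELINE_BOOT, updated))
    # Same loaders in a different order: PCR 4 moves, because the hash
    # chain is order-sensitive.
    reordered = BASELINE_BOOT[:3] + [BASELINE_BOOT[4], BASELINE_BOOT[3]]
    print("reordered loaders changed:", changed_pcrs(BASELINE_BOOT, reordered))
    for i, h in as_hex(replay(BASELINE_BOOT)).items():
        print(f"PCR {i:2d}: {h}")
```

Because replay() starts from a fresh initial_pcrs() each time, the "persistence" across boots falls out of the deterministic measurements alone; nothing is stored between calls, which is exactly the situation with a real TPM across a power cycle.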
Checking PCR Values
You can read the current PCR values with tpm2-tools, the Linux user-space tools for TPM 2.0 (they talk to /dev/tpm0 or the resource-managed /dev/tpmrm0). Here's how:
- Install tpm2-tools. On Debian/Ubuntu:
  sudo apt update && sudo apt install tpm2-tools
- Read PCR values with the tpm2_pcrread command. Registers are selected per bank as bank:index,index,...; for example, to read PCRs 0-7 of the SHA-256 bank:
  tpm2_pcrread sha256:0,1,2,3,4,5,6,7
  Run it with no arguments to dump every active bank. The output lists the bank name followed by one line per PCR with its hex digest.
- Interpret the output. The values are the state of this boot's measurements. To check for changes, record a baseline after a clean install (or a known-good boot) and diff later readings against it. Which PCR differs tells you which class of component changed (PCR 0 firmware, PCR 1 configuration, PCR 4 boot loader, PCR 7 Secure Boot state); to see exactly which event differs, replay the firmware event log with tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements and compare its computed values against the live registers.
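A baseline comparison for tpm2_pcrread output, as an added example (Python written for this page, not part of tpm2-tools): it parses the tool's bank/index/digest layout, diffs a reading against a saved baseline, and labels each changed register with the component class the PC Client firmware profile measures there. The two readings are constructed with synthetic digests so the example runs without a TPM; on a real system, capture the baseline with tpm2_pcrread > pcr-baseline.txt after a clean install and feed the file contents to parse_pcrread().

```python
import re

# What the TCG PC Client firmware profile measures into each low PCR on a
# UEFI platform; used only to label a difference with a likely cause.
PCR_MEANING = {
    0: "platform firmware code (firmware/BIOS update?)",
    1: "firmware configuration and boot variables (setting or boot-order change?)",
    2: "UEFI drivers / option ROMs (hardware added or removed?)",
    4: "boot manager and boot loader code (loader update or different boot path?)",
    5: "boot manager configuration and GPT (partition table change?)",
    7: "Secure Boot policy (Secure Boot toggled, db/dbx updated, different signer?)",
}

BANK_RE = re.compile(r"^(sha1|sha256|sha384|sha512|sm3_256)\s*:\s*$")
ENTRY_RE = re.compile(r"^\s*(\d+)\s*:\s*0x([0-9A-Fa-f]+)\s*$")


def parse_pcrread(text):
    """Parse tpm2_pcrread output ('<bank>:' then '  <n> : 0x<hex>' lines)
    into {bank: {index: lowercase hex digest}}."""
    banks, bank = {}, None
    for line in text.splitlines():
        m = BANK_RE.match(line.strip())
        if m:
            bank = m.group(1)
            banks.setdefault(bank, {})
            continue
        m = ENTRY_RE.match(line)
        if m and bank is not None:
            banks[bank][int(m.group(1))] = m.group(2).lower()
    return banks


def diff_pcrs(baseline, current, bank="sha256"):
    """Return [(index, baseline_hex, current_hex, likely_cause)] for every
    PCR that differs between the two readings; a register present on only
    one side counts as a difference too."""
    base, cur = baseline.get(bank, {}), current.get(bank, {})
    out = []
    for idx in sorted(set(base) | set(cur)):
        if base.get(idx) != cur.get(idx):
            out.append((idx, base.get(idx), cur.get(idx),
                        PCR_MEANING.get(idx, "OS/application-defined use")))
    return out


def _reading(values):
    """Constructed text in tpm2_pcrread's layout from {index: filler byte}.
    The 64-hex-digit digests are synthetic, not from a real TPM."""
    lines = ["sha256:"] + [
        f"  {i} : 0x{(bytes([v]) * 32).hex().upper()}" for i, v in values.items()
    ]
    return "\n".join(lines) + "\n"


# Baseline taken after a clean install, and a later reading where Secure
# Boot policy (PCR 7) has changed. Both are constructed samples.
GOLDEN = _reading({0: 0xA1, 1: 0xB2, 2: 0xC3, 4: 0xD4, 5: 0xE5, 7: 0xF6})
LATEST = _reading({0: 0xA1, 1: 0xB2, 2: 0xC3, 4: 0xD4, 5: 0xE5, 7: 0x07})

if __name__ == "__main__":
    changes = diff_pcrs(parse_pcrread(GOLDEN), parse_pcrread(LATEST))
    if not changes:
        print("PCRs match baseline")
    for idx, before, after, why in changes:
        print(f"PCR {idx} changed: {why}")
        print(f"  baseline {before}")
        print(f"  current  {after}")
```

Only the SHA-256 bank is compared by default; pass bank="sha1" to check the legacy bank on systems that still enable it. A register that is present in the baseline but missing from the current reading is reported as changed rather than ignored, since a smaller selection is itself a sign that the wrong command or bank was used.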
TPM Versions and PCR Behaviour
Different TPM versions have slightly different features and behaviours:
- TPM 1.2: a single SHA-1 bank of 24 PCRs. Sealing binds data to a fixed composite of PCR values, which is rigid (any change to a listed PCR breaks the seal, with no way to express alternatives), and SHA-1 is no longer acceptable for new designs.
- TPM 2.0: the current standard. It supports several PCR banks (SHA-1, SHA-256, SHA-384 and others), each with its own 24 registers; a measurement is extended into the same index in every active bank. Authorisation is policy-based (TPM2_PolicyPCR, combinable with PolicyOR and with PolicyAuthorize for signed updates to the expected values), which is what lets a system survive legitimate updates without falling back to a recovery key.
Practical Implications
- BitLocker/disk encryption: BitLocker seals its volume master key to a PCR profile (by default PCRs 7 and 11 on UEFI systems with Secure Boot, and 0, 2, 4 and 11 on legacy profiles; manage-bde -protectors -get C: shows the profile in use). PCR 11 is extended by BitLocker itself once the key has been released, so the key cannot be unsealed again later in the boot. A firmware update, a disabled Secure Boot or a changed boot loader alters the profile's PCRs and the drive prompts for the recovery key, so suspend BitLocker (manage-bde -protectors -disable C:) before planned firmware changes. The Linux equivalents (systemd-cryptenroll --tpm2-pcrs, clevis) behave the same way.
- Secure Boot vs measured boot: Secure Boot verifies signatures before executing a component; measured boot records what actually ran. PCRs belong to measured boot. Secure Boot's own state (the enabled flag, the PK/KEK/db/dbx contents and the certificate that authorised the loader) is measured into PCR 7, which is why sealing to PCR 7 is the usual choice: it changes when the trust policy changes rather than on every routine update.
- Remote attestation: the TPM signs the selected PCR values together with a verifier-supplied nonce using an attestation key (TPM2_Quote). The verifier checks the signature against the key's known identity, replays the event log to confirm it reproduces the quoted values, and compares those values to known-good ones. A PCR value is only meaningful to a verifier that knows which sequence of measurements should produce it.

