TPM (Trusted Platform Module) is a hardware-based security technology that protects system integrity by securely storing cryptographic keys and measurements. It supports functionalities such as secure boot, attestation, and encryption.
NVOS measures the boot chain into TPM 2.0 PCR banks (SHA-384). Each PCR captures a specific stage of the boot process via extend operations.
- PCR 0 — Platform firmware (UEFI): measured by the UEFI firmware at power-on.
- PCR 4 — Boot loader chain: includes the Shim binary, the GRUB binary, and the kernel image. Measurements are performed sequentially: UEFI measures Shim, Shim measures GRUB, and GRUB measures the kernel.
- PCR 7 — Secure Boot policy: includes the certificates used to verify the various Secure Boot components. Measured by the UEFI firmware and Shim.
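The extend chain described above can be replayed offline to obtain the value an attestation verifier should expect in PCR 4. The following Python is an added example and not NVOS code or tooling; the boot components it hashes are constructed byte strings standing in for the real Shim, GRUB and kernel binaries, and the comparison function assumes the PCR was read out as hex (as tpm2-tools and similar utilities print it).

```python
import hashlib
import hmac

# SHA-384 PCR bank: digests and PCR registers are 48 bytes; PCRs reset to zero.
DIGEST_LEN = 48

# Constructed stand-ins for the boot-loader chain measured into PCR 4, listed
# in the order the page describes: UEFI measures Shim, Shim measures GRUB,
# GRUB measures the kernel. A real verifier hashes the actual binaries or
# takes the digests from the TPM event log.
BOOT_CHAIN = [
    ("shim",   b"constructed stand-in for the shim.efi binary"),
    ("grub",   b"constructed stand-in for the grubx64.efi binary"),
    ("kernel", b"constructed stand-in for the kernel image"),
]


def measure(component: bytes) -> bytes:
    """Digest of a boot component as it would be recorded in the event log."""
    return hashlib.sha384(component).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR value = H(old PCR value || digest).

    Extend is one-way and order-sensitive, so a PCR summarises the whole
    sequence of measurements rather than any single one.
    """
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("SHA-384 bank expects 48-byte PCR and digest values")
    return hashlib.sha384(pcr + digest).digest()


def replay_pcr(digests) -> bytes:
    """Replay a list of event-log digests starting from the zero reset value."""
    pcr = bytes(DIGEST_LEN)
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr


def expected_pcr4(chain=BOOT_CHAIN) -> bytes:
    """Expected PCR 4 value for a (name, bytes) boot-loader chain."""
    return replay_pcr([measure(data) for _, data in chain])


def pcr_matches(reported_hex: str, expected: bytes) -> bool:
    """Constant-time comparison of a PCR read from the TPM against the replay."""
    return hmac.compare_digest(bytes.fromhex(reported_hex), expected)


if __name__ == "__main__":
    golden = expected_pcr4()
    print("expected PCR 4:", golden.hex())
    # A chain with a modified kernel lands on a different PCR value, which is
    # what an attestation policy keyed on PCR 4 detects.
    tampered = BOOT_CHAIN[:2] + [("kernel", b"modified kernel image")]
    print("tampered chain matches golden:",
          pcr_matches(expected_pcr4(tampered).hex(), golden))
```

Because each extend hashes the previous PCR value together with the new digest, swapping the order of Shim and GRUB, or changing a single byte of any component, yields a different PCR 4; the golden value therefore has to be recomputed whenever any component in the chain is updated.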
TPM Commands