What are PCRs in a TPM and how are they used in attestation?


Multiple Choice

What are PCRs in a TPM and how are they used in attestation?

Explanation:
PCRs (Platform Configuration Registers) are the TPM’s way of recording the system’s state over time. Each PCR holds a digest that represents the measurements that have been performed on the platform. When the system boots and as components run, their measurements (hashes of code or configuration) are combined with the current PCR value through an extend operation, producing a new digest. This extension creates a tamper-evident chain that reflects the entire boot process and relevant runtime events.

In attestation, the TPM can produce a quote over selected PCRs. This quote is a digital signature created with the TPM’s private key, and it typically includes a nonce from the verifier to prevent replay. By signing the PCR values, the TPM provides proof to a verifier that the reported platform state is genuine and corresponds to what the device measured, allowing the verifier to check whether the system is in a trusted state.

That combination—PCRs storing a digest of measured values, being extended during boot and runtime events, and attestation quotes signing those PCR values to prove platform state to a verifier—best captures how PCRs function and how they’re used in attestation. The other options are incomplete or incorrect: PCRs do not simply store raw measurements, they store a digest that evolves via extension; they are not used to encrypt data at rest; and they are not exclusive to software TPMs.

