I’m reading about TPMs and I’m currently thinking about how to visualize their relationships.
Basically reading from https://link.springer.com/chapter/10.1007/978-1-4302-6584-9_12 (and the TPM documents) I gather the following:
PCR: It is a memory register that stores the output of a hash algorithm. A PCR can store the output of more than one hash algorithm. An example is the output of 256 bits for SHA-256.
Question: Can a PCR simultaneously store output from multiple types of hash algorithms? Or are PCRs tied to some specific hash algorithm? I think only the latest hashed value of any given operation is saved (and concatenated with the previous). But I’m not sure if multiple hash algorithms can use the same PCRs simultaneously (e.g. like operating shadow registers or a stack).
PCR bank: a PCR bank is a set, or a collection, of PCRs that are used to store the output of the same type of hash algorithm. As an example, the outputs of a SHA-256 or a SHA-1 algorithm would be in disjoint PCR banks. However, I don’t know if the underlying PCRs used by these banks could be the same. So, effectively a PCR bank would be a way to group PCRs together logically but they could use the same underlying PCRs.
PCR Index: Points to some PCR.
PCR Attribute: This is some attribute a PCR has, such as being resettable. If an attribute is applicable to some index location in one bank, it is applicable across all PCR banks on the same index.
Not all PCR banks are required to have the same number of PCRs, so they need not be equally large.
The main reason I’m considering visualization is that I’m not sure how one should understand PCR indexing and attributes. The usual images online are like

    PCR(0)  = (what's in this cell?)
    PCR(1)  =
    .
    .
    .
    PCR(23) = (what's in this cell)

But if the idea is like PCR(Index), then what is the size and number of each of the cells? Is there only one cell, the width of which is the maximum width needed to store the output of the hash algorithm that produces the longest output? Or does it mean there are multiple cells of some fixed width?
That is, if there’s both SHA-1 and SHA-256, then
PCR(23).length = 256 bits or
PCR(23)(0).length = 256 bits?
I also think the case of attribute confuses me here. I.e., is it so that for each of those indexes PCR(n) there are multiple cells of length denoted by the hashing algorithm? It makes me feel there should be a concept of an attribute index, which would index this system like a matrix:

              (Attr1)    (Attr2)
    PCR(0)  = (pcr0-0),  (pcr0-1),  ... (???)
    PCR(1)  = (pcr1-0),  (pcr1-1),  ... (???)
    .
    .
    .
    PCR(23) = (pcr23-0), (pcr23-1), ... (???)

So I’m trying to understand how PCRs relate to indexes and attributes. I may come across as unclear, as this feels a bit confusing.
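
As an added example that is not part of the original post: a toy Python model of the TPM 2.0 layout, in which each bank keeps its own storage for every index it implements, extend computes new = H(old || digest) with the bank's own algorithm, and an attribute is keyed by index alone. The class and method names, the bank sizes and the resettable set {16, 23} are assumptions chosen for illustration, not a TPM API.

```python
import hashlib

class PcrModel:
    """Toy model of TPM 2.0 PCR banks (illustrative names, not a TPM API)."""

    def __init__(self, banks, resettable):
        # banks: {hash name: number of PCRs}; every bank has separate storage,
        # and each cell is exactly as wide as that bank's digest.
        self.banks = {alg: [bytes(hashlib.new(alg).digest_size)] * count
                      for alg, count in banks.items()}
        # Attributes are keyed by index only, so they hold for that index in all banks.
        self.resettable = set(resettable)

    def extend(self, index, data):
        """Measure data into PCR[index] of every bank that implements that index."""
        for alg, pcrs in self.banks.items():
            if index < len(pcrs):
                digest = hashlib.new(alg, data).digest()
                # new value = H(old value || digest), with the bank's own algorithm
                pcrs[index] = hashlib.new(alg, pcrs[index] + digest).digest()

    def read(self, alg, index):
        return self.banks[alg][index]

    def reset(self, index):
        """Reset PCR[index] in every bank, if the index carries the attribute."""
        if index not in self.resettable:
            raise PermissionError(f"PCR {index} is not resettable")
        for alg, pcrs in self.banks.items():
            if index < len(pcrs):
                pcrs[index] = bytes(hashlib.new(alg).digest_size)

def demo():
    # Constructed setup: two banks of 24 PCRs, indices 16 and 23 resettable.
    tpm = PcrModel({"sha1": 24, "sha256": 24}, resettable={16, 23})
    tpm.extend(23, b"constructed measurement A")
    tpm.extend(23, b"constructed measurement B")
    return tpm

if __name__ == "__main__":
    tpm = demo()
    for alg in tpm.banks:
        value = tpm.read(alg, 23)
        print(f"{alg:7} PCR[23] ({len(value) * 8} bits) = {value.hex()}")
```

In this model the picture is a table with one column per bank and one row per index, while the attributes form a single extra column shared by the whole row.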