Introduction
Platform Configuration Register 1 (PCR 1) is typically designated for measuring Host Platform Configuration data. For a measurement to be reliable across boots, the underlying configuration data should be statically configured and unchangeable, otherwise, the PCR value will inherently change.
The following table provides a comprehensive list of events typically measured into PCR 1 based on “TCG PC Client Platform Firmware Profile Specification Level 00 Version 1.06 Revision 52 Family “2.0”.
Note that not all OEMs or firmware implementations strictly adhere to specification guidelines, and some may not record all of the listed events in PCR 1. Therefore, without access to both the pre- and post-change TPM event logs, it can be challenging to accurately identify the specific cause of a change. The most common cause is a modification in the boot order, often triggered by inserting or removing a bootable device.
| Measured Component or Event | Description |
|---|---|
| CPU Microcode | Measurement of the Microcode or the Microcode Firmware Volume (FV). A change in the individually-used Microcode patch loaded at runtime will cause the measurement digest to change. |
| SMBIOS Table (Filtered Data) | Measurement of the SMBIOS table. Changes to the measured portions of the SMBIOS configuration data (excluding dynamic or unique instance data like SerialNumber or WakeupType) will change the digest. |
| Setup Configuration Data | Measurement of security related configuration data from non-volatile storage, such as UEFI setup variable or CMOS. Changes to these OEM specific data or policy configurations will alter the measurement. |
| UEFI Boot Variables | Measurement of UEFI boot related variables, such as "Boot####" and "BootOrder", using EV_EFI_VARIABLE_BOOT or EV_EFI_VARIABLE_BOOT2. Changes to the boot order or boot options will change PCR 1. |
| Hardware Device List | Measurement of the hardware device list using EV_TABLE_OF_DEVICES. Changes in the presence or enumeration of devices on the platform will affect this list's measurement. |
| Non-Host Platform Configuration | Measurement of non-host platform configuration using EV_NONHOST_CONFIG, if the configuration can only be updated by the platform firmware. A firmware update or manual change to this restricted configuration data would change PCR 1. |
| Entering ROM Based Setup Action | Measurement of the action "Entering ROM Based Setup" with EV_ACTION for a setup utility. If a platform is configured to measure this action, merely entering the utility will change the PCR 1 measurement chain compared to a boot that bypasses setup. |
| Configurable Measurement Flags | Measurement of which optional PCR measurements (e.g., SMBIOS, BIS Certificate, ESCD) are currently enabled or disabled, recorded via EV_PLATFORM_CONFIG_FLAGS. Toggling these settings changes the measurement digest for PCR 1. |
| UEFI Policy Variables (Deployed/Audit Mode) | Measurement of DeployedMode and AuditMode variable values (if supporting UEFI 2.5+). If the platform supports changing these variables between initial measurement and ExitBootServices(). |
| Error Status Cap/Separator | Extension of the digest value 00000001h into PCR (including PCR 1) with an EV_SEPARATOR event if a platform error occurs during initialization (e.g., failure recording SRTM, POST BIOS, or Embedded Option ROMs). This action caps the PCR to an invalid state. |
| TPM Hiding/Disabling | If the TPM transitions to a state where it is hidden or disabled (per firmware policy), PCR are capped with a digest of 00000000h or FFFFFFFFh prior to the Ready to Boot call, ensuring the value changes based on the platform's security policy enforcement. |
Next Steps
- Overview of the Trusted Platform Module in EVE-OS
- Remote Attestation Overview
- TPM PCR Index Security Implications
- Factors Affecting PCR[1] TPM Register
- Host Platform Configuration (PCR 1) Interpretation Guide - You are here!
- Manage PCR Templates
- Configure an attestation policy in your project.
- Use EVE-OS Local UI to analyze attestation issues.