deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3400 from RonaldAi/patch-5

Browse Source 
Add links to TCG algorithm registry
This commit is contained in:
Justin Hall
2019-04-30 07:31:05 -07:00
committed by GitHub
parent b4acb34f80 1cb43ed6a9
commit 0c9d9a23d4
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
View File

@ -56,7 +56,7 @@ A TPM can be configured to have multiple PCR banks active. When BIOS is performi
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br> - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br>
- DWORD: TPMActivePCRBanks<br> - DWORD: TPMActivePCRBanks<br>
- Defines which PCR banks are currently active. This is a bitmap defined in the TCG Algorithm Registry.<br> - Defines which PCR banks are currently active. (This value should be interpreted as a bitmap for which the bits are defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 21 of Revision 1.27.)<br>
Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met. Windows checks which PCR banks are active and supported by the BIOS. Windows also checks if the measured boot log supports measurements for all active PCR banks. Windows will prefer the use of the SHA-256 bank for measurements and will fall back to SHA1 PCR bank if one of the pre-conditions is not met.
@ -64,7 +64,7 @@ You can identify which PCR bank is currently used by Windows by looking at the r
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br> - Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IntegrityServices<br>
- DWORD: TPMDigestAlgID<br> - DWORD: TPMDigestAlgID<br>
- Algorithm ID of the PCR bank that Windows is currently using. (For the full list of supported algorithms, see the TCG Algorithm Registry.)<br> - Algorithm ID of the PCR bank that Windows is currently using. (This value represents an algorithm identifier as defined in the [TCG Algorithm Registry](https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/) Table 3 of Revision 1.27.)<br>
Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted. Windows only uses one PCR bank to continue boot measurements. All other active PCR banks will be extended with a separator to indicate that they are not used by Windows and measurements that appear to be from Windows should not be trusted.