PCR
A QingTian Enclave instance's measurements include a series of hashes calculated using standard trusted measurements and are stored in the platform configuration registers (PCRs) of the QingTian Security Module (QTSM).
A QingTian Enclave instance's measurements can support a maximum of 32 PCRs. The QingTian Enclave system occupies the PCRs with indexes 0 to 15 (PCR0-PCR15), and the QingTian Enclave application can use the PCRs with indexes 16 to 31 (PCR16-PCR31).
Image verification is not performed for QingTian Enclave instances that are launched in debug mode. PCR0 to PCR15 used by QingTian Enclave system are made up entirely of zeros to prevent data leaks. Your QingTian Enclave application can continue to use PCR16 to PCR31.
System PCRs
PCR |
Measurement |
Remarks |
|---|---|---|
PCR0 |
QingTian Enclave image file |
A measurement of the contents of the QingTian Enclave image file, excluding the certificate and signature information |
PCR8 |
QingTian Enclave image file signing certificate |
A measurement of the signing certificate for the QingTian Enclave image file |
Currently, QingTian Enclave provides the measurements for PCR0 and PCR8 and it will have more measurements for future use.
- PCR0 is the measurement of the QingTian Enclave image file and is a determined value since the QingTian Enclave image file is built. Details of PCR0 are as follows:
EXTEND_PCR: index: 0 EXTEND_PCR: data: 0d1ae7330f437ee563178df30a7c7b7634125d31cac14f6784933db5e90080008438b38fdbb39c886ffe0586ab099b56 EXTEND_PCR res: data: b8c59692da8a5bcb739a83d15a0ceca670bd78da06cb2250ec70548f72254e674419e9888db9c0364a9b88dd58017a62
- PCR8 is a measurement of the signing certificate of the QingTian Enclave image file. You can sign the QingTian Enclave image file using your signing certificate and private key. PCR8 is available only when the QingTian Enclave image file is signed with the signing certificate and private key. PCR8 can be used to verify that the image is signed by using a specific signing certificate. As long as the specified signing certificate is not changed, PCR8 remains unchanged, even if the image file is changed. Details of PCR8 are as follows:
EXTEND_PCR: index: 8 EXTEND_PCR: data: c5b3e075e00c261e7fc364f1541067b2a42d4b793225ab10e5cfb8eaca31b3d598af9dd2e491828c2569a9953401abcb EXTEND_PCR res: data: 4f8b066ce5ac24150612ba9a55bbb9211f626152ada40ede160f4d7ecbfa214c2a549181f6611a3d16a12ec88a577a01
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
