What is TPM PCR?

A TPM PCR is a Platform Configuration Register that stores boot measurements through extend operations.

Why it matters

• Explains firmware trust and protection mechanisms.
• Helps debug Secure Boot, measured boot, and variable-protection behavior.
• Useful when reviewing boot security policy.

Practical example

Example: Secure Boot decides whether an image is allowed to run; Measured Boot records what actually ran.

Quick checklist

• Which policy or key database is involved?
• Is the image/variable signed or measured as expected?
• Do logs report authentication, measurement, or access-denied errors?

Quick takeaway

TPM PCR is a small concept, but it often becomes important when reading logs or debugging real firmware.

Related notes

• What is Measured Boot?
• What is TPM Event Log?
• What is TPM2 ACPI Table?
• What is SMM Lock?
• What is BIOS Lock?

Public references

• UEFI Specification 2.11 — Secure Boot / Security
• EDK II SecurityPkg

Found this useful?

Save it or share it with someone learning firmware, BIOS/UEFI, and embedded systems.

Share Copy link

Nội dung liên quan

Một số bài viết, ghi chú hoặc project có liên quan đến nội dung bạn vừa đọc.

Ghi chú/UEFI Security Terms

What is Measured Boot?

Quick note explaining Measured Boot for BIOS/UEFI and embedded firmware readers.

October 18, 2023Read →

Ghi chú/UEFI Security Terms

What is SMM Lock?

Quick note explaining SMM Lock for BIOS/UEFI and embedded firmware readers.

October 16, 2025Read →

Ghi chú/UEFI Security Terms

What is BIOS Lock?

Quick note explaining BIOS Lock for BIOS/UEFI and embedded firmware readers.

February 24, 2024Read →

Biến note thành bài viết hoàn chỉnh

Notes là nơi ghi nhanh khái niệm.

Đọc blog Xem notes khác