Encrypting data to a PCR state
The TPM supports another feature that builds on the state of the PCRs. As previously men-
tioned, the TPM can perform RSA encryption. However, the TPM can also combine the
state of the PCRs to the encryption in a process known as sealing . Once data is sealed to a
PCR value, it can only be decrypted when the PCR matches the same value as when the en-
cryption was performed.
How is this going to help us protect our GPG key? We will encrypt the GPG key to a
known PCR state. We'll use the numeric code entered from the keypad connected to the
CryptoCape as input into this PCR state. When the TPM decrypts the GPG private key, it
will be available for use by GPG as usual. While GPG private keys are already protected
with a passphrase, the TPM provides extra protection for the key at rest. The passphrase
could still be captured with a keylogger, but our key won't be available until the BBB boots
with the CryptoCape attached and the code entered directly into the BBB.
This system also helps in preventing offline attacks on the numeric code. The PCR value,
once extended with the correct code, will allow unsealing of the data. But, if the wrong
code is entered, the PCR value will be incorrect and the only way to reset the PCR, if that
PCR is one of the non-resettable PCRs, is to reboot.