how to enable TPM measured boot and see pcr values in windows 10?

Question

How can I enable TPM measured boot in Windows 10?

I want the TPM hashes to be captured in PCR values and I want to be able to see the results. I know how to do it in Linux but I don't know what should I do in Windows.

I found the following guides, but they don't seem to have the information I need:

• On the Microsoft website there is a guide: https://learn.microsoft.com/en-us/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps but it's only for very basic tasks and doesn't explain this.
• I also saw this: TPM PCR Generation in Windows but it's not what I want.

Any help is appreciated.

Answer 1

If you want to see all hashes that led to the current PCR values, you can use the WBCL (Windows Boot Configuration Logs) provided by the TPM and Windows (I think starting from Windows 8). These are logs that are generated by the TPM/Firmware and stored under "C:\Windows\Logs\MeasuredBoot". They contain every event that was sent to the TPM and every operation on a PCR register should be one of these events.

I am using the TCGLogTools to parse these logs. The format of the logs is documented here and here if you wanted to write your own parser.