Trusted Platform Module
Athena OS leverages the system’s TPM 2.0 (Trusted Platform Module) to measure and attest the integrity of the boot chain: firmware, bootloader, kernel, and in some cases even the disk encryption policy.
This is called measured boot: each critical component is hashed and recorded in TPM registers called PCRs (Platform Configuration Registers).
Those measurements can then be used to:
- Decide whether to release secrets (like disk decryption keys).
- Detect tampering in firmware, bootloader, or kernel.
- Prove to the OS that the machine booted in a trusted state.
Athena OS integrates this with features like:
- Secure Boot
- Unified Kernel Images (UKI) / systemd-stub
- TPM-bound LUKS unlock (see “LUKS Encryption with TPM”)
What is a TPM?
Section titled “What is a TPM?”A TPM is a hardware security chip. It can:
- Store secrets (keys) in a way that software alone can’t just read out.
- “Seal” secrets to a known-good system state, defined by PCR values.
- Detect when firmware/bootloader/kernel changed unexpectedly, including malicious changes.
In Athena OS, this means:
- Your encryption key can be released automatically only if the system still matches the trusted boot measurements.
- If someone tampers with your bootloader or kernel, the TPM refuses to release that key.
PCRs (Platform Configuration Registers)
Section titled “PCRs (Platform Configuration Registers)”PCRs are small registers in the TPM that hold cryptographic measurements of the boot process.
Each PCR corresponds to a different stage or component. Values are “extended”, not overwritten, so they form an audit trail of what actually booted.
| PCR | Description | Extended by |
|---|---|---|
| PCR0 | Core System Firmware executable code (aka Firmware). May change if you upgrade your UEFI. | Firmware |
| PCR1 | Core System Firmware data (aka UEFI settings; configured boot order, for example) | Firmware |
| PCR2 | Extended or pluggable executable code (aka OpROMs) | Firmware |
| PCR3 | Extended or pluggable firmware data. Set during Boot Device Select UEFI boot phase. | Firmware |
| PCR4 | Boot Manager Code and Boot Attempts. Measures the boot manager and the devices that the firmware tried to boot from. | Firmware |
| PCR5 | Boot Manager Configuration and Data. Can measure configuration of boot loaders; includes the GPT Partition Table. | Firmware |
| PCR6 | Resume from S4 and S5 Power State Events | Firmware |
| PCR7 | Secure Boot State. Contains the full contents of PK/KEK/db, as well as the specific certificates used to validate each boot application | Firmware, shim (adds MokList, MokListX, and MokSBState) |
| PCR8 | Hash of the kernel command line | GRUB |
| PCR9 | Hash of the initramfs and EFI Load Options | Linux (measures the initramfs and EFI Load Options, essentially the kernel cmdline options) |
| PCR10 | Reserved for Future Use | |
| PCR11 | Hash of the Unified kernel image | systemd-stub |
| PCR12 | Overridden kernel command line, Credentials | systemd-stub |
| PCR13 | System Extensions | systemd-stub |
| PCR14 | shim’s MokList, MokListX, and MokSBState. | shim |
| PCR15 | Hash of the LUKS volume key | systemd-cryptsetup |
| PCR16 | Debug. May be used and reset at any time. May be absent from an official firmware release. | |
| PCR23 | Application Support. The OS can set and reset this PCR. |
Why PCRs matter
Section titled “Why PCRs matter”Secrets (like your LUKS decryption key) can be sealed to specific PCR values.
That means: “only release this secret if PCR7, PCR9, PCR11, PCR14 match what they were when I enrolled.”
If anything in the boot chain changes - new firmware, unsigned bootloader, injected kernel, malicious initramfs - those PCR values change, and the TPM refuses to release the secret.
This protects you even if:
- The attacker has physical access.
- The drive is stolen.
- Someone tries an “evil maid” attack by swapping your bootloader.
PCRs used by Athena OS
Section titled “PCRs used by Athena OS”Athena OS focuses on integrity checks involving:
-
PCR0 – Firmware and hardware initialization.
Contains measurements of the system firmware (BIOS/UEFI) and certain hardware components during the very first boot stage.
Confirms that the platform firmware and configuration haven’t been tampered with — changes here usually indicate a firmware update or malicious modification before the OS even loads. -
PCR11 – Unified Kernel Image (UKI) measurement by systemd-stub.
Confirms that the kernel+initrd bundle we’re booting is the one we intended. -
PCR15 – Vendor- or firmware-specific measurements.
Reserved for OEM or platform-specific use. May contain measurements of device firmware (e.g., Intel Boot Guard, AMD PSP) or other custom early-boot components.
Changes here typically happen only with firmware updates or hardware modifications.
These PCRs are also (optionally) used to gate access to disk encryption keys during early boot.
”Why did my machine suddenly ask for the LUKS passphrase?”
Section titled “”Why did my machine suddenly ask for the LUKS passphrase?””Scenario:
- Yesterday it auto-unlocked via TPM.
- Today it dropped to a password prompt.
This is expected when PCR measurements change.
Typical reasons:
- Firmware/UEFI update
- Kernel/initramfs update (especially if you switched kernels manually or modified initramfs)
- Secure Boot policy / shim MOK changes
- Real tampering with bootloader or kernel
When that happens:
- The TPM says “this isn’t the same platform state I trust.”
- The TPM will not unseal the stored LUKS key.
- The boot process falls back to asking you for the passphrase you set at install time.
After you successfully boot with the manual passphrase, you can safely re-enroll a fresh TPM key binding to match the new trusted state:
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7+9+11+14 /dev/nvme0n1p3Keep that passphrase safe. If you lose it and PCRs no longer match, you’re locked out.
If you clear or wipe the TPM, you destroy sealed secrets, including Windows BitLocker keys on dual-boot systems. Back up your BitLocker recovery key before doing anything that resets TPM state.
Relationship to Secure Boot & UKI
Section titled “Relationship to Secure Boot & UKI”- Secure Boot makes sure only signed boot components are executed.
- Measured Boot (PCRs) records what actually ran.
- UKI (Unified Kernel Image) puts the kernel, initramfs, and command line into one signed artifact measured into PCR11.
Athena OS uses all of these together. The end result: tampering with firmware, shim, kernel, initramfs, or kernel parameters is detectable, and can directly block access to secrets.