Do I need to reset the TPM so newly enabled SHA PCR Banks work?

Soda Can 0 Reputation points
2024-10-05T13:57:18.8866667+00:00

I saw that in my BIOS, under Trusted Computing, there were mutiple SHA PCR Bank options. Only one was enabled by default, SHA-1, however the BIOS had support for other two types of SHA PCR Banks which were SHA-256 and SHA-384.

I tried searching high and low for information on these, but the only informative one was from Microsoft Learn and it didn't clarify much about what I wanted to know.

So my question is: do I need to reset my TPM key to enable all these three SHA PCR Banks to work? If so or not, what do I need to do to get it to work?

By reset, I mean going into tpm.msc and clicking "Clear TPM".

(Copy of https://answers.microsoft.com/en-us/windows/forum/all/do-i-need-to-reset-the-tpm-so-newly-enabled-sha/8a95aa3e-ea4e-494a-8b35-99d8b405814c)

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,843 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ian Xue 37,541 Reputation points Microsoft Vendor
    2024-10-09T01:39:15.47+00:00

    Hi Soda,

    Thanks for your post. Based on my research, from the official article, it must ship with SHA-256 PCR banks and implement PCRs 0 through 23 for SHA-256. Note that it is acceptable to ship TPMs with a single switchable PCR bank that can be utilized for SHA-256 measurements.

    Reference:

    Understand PCR banks on TPM 2.0 devices

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.