Startup, Shutdown, and Provisioning
Startup here is defined as software operations that occur each time a platform boots. The boot can be a cold boot, or it can be what in PC terms is called a resume from suspend or a boot from hibernate. The TPM holds several classes of volatile state, including PCR values, loaded sessions and keys, enables, authorization and policy values, hybrid NV indexes, and clock state. Based on the type of power cycle, this volatile state must either persist or be initialized. The TPM provides two commands that, in various combinations, permit external software to manage the power-cycle requirements.
Provisioning, on the other hand, is a rare occurrence. It might happen only once over the lifetime of the platform. A TPM vendor, platform manufacturer, IT department, or end user generates keys and other secrets, inserts certificates, and enables or disables certain TPM features. The other side of provisioning is deprovisioning: what the parties do before they repurpose, surplus, or discard a platform to ensure that secrets are erased.
This chapter discusses startup first, followed by the TPM provisioning tasks that various parties may perform. Those parties may include the TPM manufacturer, the platform manufacturer (also called the OEM), and the end user (either an individual or an IT department).
Startup and Shutdown
Startup (and shutdown as well) is handled by low-level software. On a PC platform, this is the BIOS and operating system. The intent is that state is reset or restored as required so that resuming applications are unaware of these events. For example, an application doesn't expect loaded keys or sessions to suddenly disappear. It may not be able to reload keys, and it may not want to rerun a policy evaluation because a session vanished. The TPM, with support from the operating system and boot code, makes power cycling transparent to applications by saving volatile state to its nonvolatile memory on power down and restoring state on power up.
The TPM specification defines three startup events: TPM Reset, TPM Resume, and TPM Restart. They follow a signal called TPM Init during a platform reset. In a typical hardware TPM, Italicize is assertion of the TPM reset pin, possibly preceded by a power cycle. At this time, it's assumed the TPM's volatile state is lost, and only the saved (if any) nonvolatile state remains.
TPM Reset normally occurs when the platform is booting after a power on or rebooting without a power cycle. The TPM receives a startup command to reset the TPM volatile state. Reset in this case can mean either setting state to a specified initial value or generating new random values for nonces. TPM Reset establishes a new trusted platform state. All required software components are measured into the set of reset PCRs. All the TPM's resources are reset to their default provisioned state.
TPM Resume typically occurs when the platform resumes from suspend, sometimes also called a sleep state or low-power state. Because the platform is continuing rather than rebooting, all state, including PCR values, is restored. TPM Resume restores the TPM's state to that before the power loss or reset, because the platform trust state has not changed since the reset or power off.
TPM Restart typically occurs when the platform comes out of hibernation. Before the power cycle, the TPM receives a command to save state, and most of the state is restored at startup. The exception is PCR values, which are initialized, not restored. This permits a booting platform to extend new measurements to the TPM, while the TPM state used by the operating system and applications are restored. TPM Restart is a special case where the platform reestablishes its trusted state (by creating new measurements), but the user's state (operating system and applications) is restored.
The TPM provides two commands to support these startup events: TPM2_Shutdown and TPM2_Startup. Shutdown is typically performed by the operating system just before transitioning to a platform reset or power down. TPM2_Shutdown has two options:
CLEAR and STATE. Startup is executed by the root of trust for measurement (RTM) in the initialization firmware (for example, BIOS on the PC). TPM2_Startup also has two options: CLEAR and STATE.
Here are the commands in combination:
• TPM Reset (reboot) is TPM2_Shutdown with the CLEAR option
(or no shutdown command) followed by TPM2_Startup with the
• TPM Restart (hibernate) is TPM2_Shutdown with the STATE option followed by TPM2_Startup with the CLEAR option.
• TPM Resume (suspend, sleep) is TPM2_Shutdown with the STATE
option followed by TPM2_Startup with the STATE option.
The following is a brief overview of the command behaviors. There are many details surrounding the clock and time counters, session context, hybrid NV indexes, and more. These are discussed in other parts of the book as the concepts are introduced:
• TPM2_Shutdown with the CLEAR option is an orderly shutdown before the platform powers down or reboots. The TPM saves certain volatile values to nonvolatile memory: the clock and NV indexes with the orderly attribute that are normally shadowed in volatile memory.
• TPM2_Shutdown with the STATE option is a shutdown typically due to hibernation or suspend. The TPM stores the previously listed items plus tracking for session contexts, PCRs that the platform specification mandates should be saved, certain NV index flags, and state associated with audit.
• TPM2_Startup with the CLEAR option initializes TPM volatile state, including PCR and NV volatile state; enables the three hierarchies; and clears the platform authorization and policy.
• TPM2_Startup with the STATE option is only permitted after TPM2_Shutdown with the STATE option. PCRs are restored or initialized based on the platform specific specification. 
For example, the detailed behavior and rationale for PCRs though the three power-cycle types are as follows: 
• On a reboot, TPM Reset, all PCRs must be initialized. The TPM2_Startup with the CLEAR option always initializes PCRs, regardless of the type of shutdown.
• On a resume from hibernation, TPM Restart, the platform is rerunning BIOS code and doing its measurements, so the PCRs must be initialized. TPM2_Startup with the CLEAR option again initializes PCRs, even though they were saved during the power-down sequence.
• On a resume from suspend, TPM Resume, the PCR values may be lost on power down. However, the platform resumes without rerunning BIOS, boot, or OS initialization code. PCR values must therefore be restored. TPM2_Shutdown with the STATE option saves volatile PCRs as the platform suspends. TPM2_Startup with the STATE option restores those values.