You have to be precise about whether "BIOS" means the CRTM or the rest of the BIOS after the CRTM.
As you say, the CRTM has to be trusted. It's the 'core root of trust'. You have to trust that the OEM implemented it correctly, and also that the OEM protected it against software attacks.
If the rest of the BIOS can't be trusted, you can still do an attestation. The remote party checks the PCRs, and it decides whether the rest of the BIOS can be trusted.
trusted-computing-bounces@lists.fedorahosted.org wrote on 08/23/2011 08:01:05 AM:
----- Message from "Li, David" LiD@cloudshield.com on Mon, 22 Aug
I am new to TCG. My understanding is that in SRTM the BIOS itself is assumed to be trustable. It’s not measured on a PC client during the boot since it’s the first one being loaded and executed, but it forms the basis of the chain of trustable measurements. Is this correct?
What if my BIOS can’t be trusted? Can I still do remote attestation of the PC client booted this way?
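As an added illustration of the reply above (example code, not from anyone in this thread): a small simulation of the SRTM chain in which the CRTM is trusted and unmeasured, extends each later BIOS stage into PCR0, and a remote verifier decides about the post-CRTM BIOS by replaying the event log against the reported PCR0 and a reference list. The firmware images and reference digests are constructed, SHA-256 stands in for the PCR bank, and the signed TPM quote that would normally carry PCR0 to the verifier is assumed rather than modeled.

```python
import hashlib

# Constructed firmware images standing in for the BIOS stages that run
# after the CRTM.  Real images would be the actual flash contents.
GOOD_BIOS_STAGES = [
    (b"bios-main", b"OEM BIOS main block v1.0"),
    (b"option-rom", b"network option ROM v2"),
]
# Same boot, but the main BIOS block was altered after the CRTM shipped.
TAMPERED_BIOS_STAGES = [
    (b"bios-main", b"OEM BIOS main block v1.0 + implant"),
    (b"option-rom", b"network option ROM v2"),
]

def sha256(data):
    return hashlib.sha256(data).digest()

def pcr_extend(pcr, digest):
    """TPM PCR extend: PCR_new = H(PCR_old || digest).  Order-dependent,
    so a verifier can only reproduce it from the full event sequence."""
    return sha256(pcr + digest)

def srtm_boot(stages):
    """The CRTM is not measured (it is the root of trust).  It measures
    each later BIOS stage into PCR0 and records a matching event log."""
    pcr0 = bytes(32)              # PCR0 reset value at power-on
    event_log = []
    for name, image in stages:
        digest = sha256(image)
        pcr0 = pcr_extend(pcr0, digest)
        event_log.append((name, digest))
    return pcr0, event_log

def remote_attest(reported_pcr0, event_log, known_good):
    """Verifier side: replay the log to confirm it reproduces the reported
    PCR0, then check every stage digest against the reference list.  The
    CRTM is trusted by assumption; everything after it is decided here."""
    replayed = bytes(32)
    for _, digest in event_log:
        replayed = pcr_extend(replayed, digest)
    if replayed != reported_pcr0:
        return False, "event log does not reproduce PCR0"
    for name, digest in event_log:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement for {name.decode()}"
    return True, "post-CRTM BIOS matches reference"

# Reference digests the verifier holds for the OEM's known-good BIOS.
KNOWN_GOOD = {name: sha256(image) for name, image in GOOD_BIOS_STAGES}

def attest_boot(stages):
    pcr0, log = srtm_boot(stages)
    return remote_attest(pcr0, log, KNOWN_GOOD)
```

A log that was edited to look good is caught by the replay step, while an honest log of a modified BIOS is caught by the reference comparison; neither check says anything about the CRTM itself.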