You have to be precise about whether "BIOS" means the CRTM or the rest of the BIOS after the CRTM.

As you say, the CRTM has to be trusted. It's the 'core root of trust'. You have to trust that the OEM implemented it correctly, and also that the OEM protected it against software attacks.

If the rest of the BIOS can't be trusted, you can still do an attestation. The remote party checks the PCRs, and it decides whether the rest of the BIOS can be trusted.
trusted-computing-bounces@lists.fedorahosted.org wrote on 08/23/2011 08:01:05 AM:

> ----- Message from "Li, David" <LiD@cloudshield.com> on Mon, 22 Aug
>
> I am new to TCG. My understanding is that in SRTM the BIOS itself is assumed to be trustable. It’s not measured on a PC client during the boot since it’s the first one being loaded and executed. But it forms the basis of the chain of trustable measurements. Is this correct?
>
> What if my BIOS can’t be trusted? Can I still do remote attestation of the PC client booted this way?
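The reply's point is that the platform never decides whether the rest of the BIOS is trustworthy; the CRTM measures it into a PCR, and the remote party decides. The following Python model, added here as an illustration and not taken from the thread or from any TCG specification, shows both halves: a CRTM that measures the rest of the BIOS before running it, and a verifier that replays the event log against the quoted PCRs and checks every digest against known-good values. The PCR assignment (PCR0 for the BIOS, PCR4 for the bootloader), SHA-256 as the extend digest, the event-log tuple layout and all the sample images are assumptions made for this example.

```python
import hashlib

# Constructed model of SRTM measured boot and remote attestation.
# Digest algorithm, event-log layout, PCR numbering and the sample
# images are assumptions for illustration, not any vendor's format.

HASH = hashlib.sha256
PCR_INIT = b"\x00" * HASH().digest_size   # PCRs reset to all zeros at power-on

def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || digest). Order-dependent, not reversible."""
    return HASH(pcr_value + digest).digest()

def measure(blob: bytes) -> bytes:
    """Digest of a component as the measuring code would compute it."""
    return HASH(blob).digest()

def boot(bios_rest: bytes, bootloader: bytes):
    """Measuring side. The CRTM (trusted by assumption) measures the rest of the
    BIOS into PCR0 before transferring control; the measured BIOS then measures
    the bootloader into PCR4. Returns the PCRs the TPM would quote plus the
    event log the platform hands to a verifier."""
    pcrs = {0: PCR_INIT, 4: PCR_INIT}
    log = []
    d = measure(bios_rest)                 # CRTM's job: measure the next stage
    pcrs[0] = pcr_extend(pcrs[0], d)
    log.append((0, "bios_rest", d))
    d = measure(bootloader)                # the BIOS measures what it loads next
    pcrs[4] = pcr_extend(pcrs[4], d)
    log.append((4, "bootloader", d))
    return pcrs, log

def replay_log(log):
    """Recompute PCR values from the event log alone."""
    pcrs = {}
    for idx, _name, digest in log:
        pcrs[idx] = pcr_extend(pcrs.get(idx, PCR_INIT), digest)
    return pcrs

def verify(quoted_pcrs, log, known_good):
    """Remote party's decision. The quoted PCRs are what the TPM signed; the
    log is only a claim, so (1) the log must reproduce the quote and (2) every
    logged digest must be a known-good value. Confidence in PCR0 itself rests
    on the CRTM having measured honestly."""
    if replay_log(log) != quoted_pcrs:
        return False, "event log does not reproduce quoted PCRs"
    for idx, name, digest in log:
        if digest not in known_good.get(name, set()):
            return False, f"unrecognised measurement for {name} in PCR{idx}"
    return True, "all measured components are known-good"

# Constructed sample images and the verifier's reference database.
GOOD_BIOS = b"OEM BIOS v1.02 (constructed)"
TAMPERED_BIOS = b"OEM BIOS v1.02 with modified option ROM (constructed)"
BOOTLOADER = b"bootloader image (constructed)"
KNOWN_GOOD = {"bios_rest": {measure(GOOD_BIOS)}, "bootloader": {measure(BOOTLOADER)}}

def demo():
    """Three attestations: a clean BIOS, a modified BIOS, and a modified BIOS
    whose platform also substitutes a clean-looking event log."""
    pcrs, log = boot(GOOD_BIOS, BOOTLOADER)
    clean = verify(pcrs, log, KNOWN_GOOD)
    pcrs, log = boot(TAMPERED_BIOS, BOOTLOADER)
    tampered = verify(pcrs, log, KNOWN_GOOD)
    forged_log = [(0, "bios_rest", measure(GOOD_BIOS))] + log[1:]
    forged = verify(pcrs, forged_log, KNOWN_GOOD)   # quote still comes from real PCRs
    return clean, tampered, forged

if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged log"), demo()):
        print(f"{label:10s} -> {result}")
```

The third case is why the verifier compares against the quoted PCR values rather than trusting the log: a BIOS that has been modified cannot produce a log that both looks clean and replays to the PCR0 the CRTM actually extended.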