Apologies if any of these questions have been answered previously. Also, apologies for the sheer number of questions asked here. I've done some digging, and have been unable to find a good resource that goes into a little more depth on how the boot process works, how the Chain of Trust is established and verified, and how/when the BitLocker encryption key is released during the boot process. Many sources give only a high-level overview of the process.

Please feel free to correct/add/remove anywhere you see fit in the boot process outline I've come up with. I am interested in as many details as you are willing to share (please feel free to get as technical as you want). Thanks ahead of time!

The environment I am considering is: Windows OS, ELAM enabled, Secure Boot enabled, Trusted Boot enabled with BitLocker OS Volume encryption.

Questions:

  1. As we are generating hashes for integrity checks during the boot process (from the CRTM onward) and storing them in PCRs, where are the expected and trusted values stored that we use to compare with our calculated values stored in the PCRs? Are they stored in a database/config file somewhere securely like in the TPM, some other hardware root of trust, or elsewhere?
  2. What parts of the OS volume are left unencrypted when using BitLocker or some other full disk encryption method? From what I've read, this might include part or all of the boot sector files such as the bootloader and kernel?
  3. At what stage in the boot process is the BitLocker key released by the TPM?
  4. Where does Early Launch Anti-Malware (ELAM) fit into this picture?

Boot Outline

  1. Power-On Self-Test (POST): in response to powering on the device, the system begins with the Power-On Self-Test (POST), which is a series of diagnostic tests that the system performs on its hardware components (CPU, Memory, RAM, peripherals, etc.) to make sure they are functional.

  2. BIOS/UEFI Code Execution: after a successful POST, the CPU begins BIOS code execution. The starting point is known as the reset vector located at address 0xFFFFFFF0 for x86 systems. The address 0xFFFFFFF0 is mapped/points to the area in ROM where BIOS code is stored (please confirm... Is there a table similar to something like a paging table that maps reserved memory locations?). The first set of instructions executed by the CPU are responsible for the Core Root of Trust Measurement (CRTM). The BIOS code itself is hashed and this measurement is stored in PCR0 - the starting point for establishing our Chain of Trust. This hash value will be compared to a known trusted hash typically stored securely in a firmware chip (TPM? Where is this stored? Database/config file somewhere secure in ROM or?). If the values match, BIOS code execution continues and we reach the bootloader.

  3. Bootloader: The BIOS/UEFI continues building the Chain of Trust by hashing the bootloader and storing the hash in a PCR. Integrity checks are performed, and if passed, the BIOS/UEFI signals the bootloader code to be loaded into the CPU and execution is handed over to the bootloader. First, the bootloader will continue building the Chain of Trust and hash various files, including those related to the OS kernel, boot configuration files, etc., and store the value in a PCR for integrity checks. If checks are passed, the bootloader will perform its basic operations, including system initialization (configuring basic hardware settings such as memory, CPU registers, system timers, etc.), locating the boot device, and loading/passing control to the OS kernel.

  4. OS Kernel: The OS kernel initializes system resources, including device drivers and file systems. At this point, the OS becomes aware of the encrypted drive and communicates with the TPM to request release of the BitLocker Volume Master Key (VMK). The VMK will be used to decrypt the Full Volume Encryption Key (FVEK) which can be used to decrypt the drive. The OS Kernel can now decrypt additional parts of the drive necessary for continuing the boot cycle. The OS Kernel will also hash the files it requires to continue the boot process and will store this value in the PCR for integrity checks.

  5. User Space Initialization: After the OS kernel has completed its execution steps, the system is ready to start the user-space initialization process. This involves starting essential system daemons, launching system services, etc. I would guess another hash is involved in this step, but am not sure if the OS kernel is in control or?

  6. Login Prompt/GUI: The system presents the user with a login prompt or GUI. The user can log in and begin using the system.

  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer.
    – Community Bot
    Commented Jun 5 at 15:22
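The measure-extend-seal mechanism behind questions 1 and 3, as an added Python model that is not part of the original question: each boot component is hashed and extended into a PCR (TPM 2.0 SHA-256 bank, new = H(old || measurement)), the VMK is sealed to a digest over a selected set of PCRs, and the TPM releases it only when the live PCR state reproduces that digest, so there is no separate database of expected hashes to consult. The component blobs and the PCR selection are constructed for the demo, and the policy digest is a simplification of the real TPM PolicyPCR calculation.

```python
import hashlib

PCR_INIT = bytes(32)           # every SHA-256 PCR starts as 32 zero bytes at power-on
DEMO_PCRS = (0, 2, 4, 7, 11)   # assumed PCR selection for the demo; the real profile is configurable

# Constructed stand-ins for measured components (real ones are firmware volumes,
# EFI binaries, Secure Boot variables and the BCD store); order is boot order.
GOOD_BOOT = [
    (0, b"constructed CRTM + platform firmware"),   # CRTM measures firmware into PCR0
    (2, b"constructed option ROM"),                 # firmware measures add-in drivers
    (7, b"constructed Secure Boot policy state"),   # Secure Boot configuration used
    (4, b"constructed boot manager binary"),        # firmware measures the bootloader
    (11, b"constructed bootloader-owned marker"),   # measured later in the chain
]

def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 PCR extend: the PCR never takes a value, only H(old || measurement)."""
    return hashlib.sha256(pcr_value + measurement).digest()

def measured_boot(components):
    """Replay a boot log: hash each component and extend the digest into its PCR in order."""
    pcrs = {}
    for idx, blob in components:
        pcrs[idx] = extend(pcrs.get(idx, PCR_INIT), hashlib.sha256(blob).digest())
    return pcrs

def pcr_policy(pcrs, selection):
    """Simplified PolicyPCR: digest over the selected PCR values
    (a real TPM also folds in the command code and the PCR selection)."""
    return hashlib.sha256(b"".join(pcrs.get(i, PCR_INIT) for i in selection)).digest()

def seal_vmk(vmk: bytes, pcrs, selection=DEMO_PCRS):
    """Model of sealing: the TPM keeps the secret with the policy it must see to release it."""
    return {"policy": pcr_policy(pcrs, selection), "selection": selection, "secret": vmk}

def unseal_vmk(sealed, pcrs):
    """The TPM compares the *current* PCR-derived policy with the sealed one."""
    if pcr_policy(pcrs, sealed["selection"]) != sealed["policy"]:
        return None          # mismatch: no VMK; BitLocker drops to the recovery prompt
    return sealed["secret"]

def demo():
    vmk = hashlib.sha256(b"constructed 256-bit volume master key").digest()
    sealed = seal_vmk(vmk, measured_boot(GOOD_BOOT))   # done once, when BitLocker is turned on
    tampered = [(i, b"constructed modified boot manager" if i == 4 else b) for i, b in GOOD_BOOT]
    return unseal_vmk(sealed, measured_boot(GOOD_BOOT)), unseal_vmk(sealed, measured_boot(tampered))
```

Changing any measured component, or measuring the same components in a different order, alters the final PCR value and therefore the policy digest, which is why an unexpected firmware update or bootloader change triggers recovery rather than a failed comparison against a stored list.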
