A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.