Add GRUB's PCR Usage to README.tpm

This didn't seem to get documented anywhere, and this is as good a place as any. Upstream-commit-id: 4fab7281a8c
author: Peter Jones <pjones@redhat.com> 2018-08-01 09:58:09 -0500
committer: Peter Jones <pjones@redhat.com> 2020-07-23 20:51:49 -0400
commit: bd97e72f0490b2be766949f448bf6ea3ec2bba1a (patch)
tree: 53189959db1dd57ca745a9014a33670d7bb4ac3d
parent: 956717e2b375d7c7f0faafec8f12a7692708eb9a (diff)
download: efi-boot-shim-bd97e72f0490b2be766949f448bf6ea3ec2bba1a.tar.gz
efi-boot-shim-bd97e72f0490b2be766949f448bf6ea3ec2bba1a.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/README.tpm b/README.tpm
index b7314f12..d9c7c534 100644
--- a/README.tpm
+++ b/README.tpm
@@ -19,6 +19,15 @@ PCR7:
 - MokSBState will be extended into PCR7 if it is set, logged as
   "MokSBState".
 
+PCR8:
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
+  line and all grub commands (including all of grub.cfg that gets run) are
+  measured into PCR8.
+  
+PCR9:
+- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
+  initramfs, and any multiboot modules loaded are measured into PCR9.
+
 PCR14:
 - MokList, MokListX, and MokSBState will be extended into PCR14 if they are
   set.
author	Peter Jones <pjones@redhat.com>	2018-08-01 09:58:09 -0500
committer	Peter Jones <pjones@redhat.com>	2020-07-23 20:51:49 -0400
commit	bd97e72f0490b2be766949f448bf6ea3ec2bba1a (patch)
tree	53189959db1dd57ca745a9014a33670d7bb4ac3d
parent	956717e2b375d7c7f0faafec8f12a7692708eb9a (diff)
download	efi-boot-shim-bd97e72f0490b2be766949f448bf6ea3ec2bba1a.tar.gz efi-boot-shim-bd97e72f0490b2be766949f448bf6ea3ec2bba1a.zip