author Steve McIntyre <steve@einval.com> 2021-03-23 23:49:46 +0000
committer Steve McIntyre <steve@einval.com> 2021-03-23 23:49:46 +0000
commit 031e5cce385d3f96b1caa1d53495332a7eb03749
tree b4988dfbd191b2242b9294e24075b39a608b1155 /README.tpm
parent 7bf7a6d0852382bb645119b18df3ff461aaba247
New upstream version 15.3 (upstream/15.3)
Diffstat (limited to 'README.tpm')
-rw-r--r-- README.tpm 20
1 files changed, 11 insertions, 9 deletions
diff --git a/README.tpm b/README.tpm
index d9c7c534..9e830b72 100644
--- a/README.tpm
+++ b/README.tpm
@@ -9,23 +9,25 @@ PCR4:
PCR7:
- Any certificate in one of our certificate databases that matches a binary
we try to load will be extended into PCR7. That includes:
- - DBX - the system blacklist, logged as "dbx"
- - MokListX - the Mok blacklist, logged as "MokListX"
- - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx"
- - DB - the system whitelist, logged as "db"
- - MokList the Mok whitelist, logged as "MokList"
- - vendor_cert - shim's built-in vendor whitelist, logged as "Shim"
- - shim_cert - shim's build-time generated whitelist, logged as "Shim"
+ - DBX - the system denylist, logged as "dbx"
+ - MokListX - the Mok denylist, logged as "MokListX"
+ - vendor_dbx - shim's built-in vendor denylist, logged as "dbx"
+ - DB - the system allowlist, logged as "db"
+ - vendor_db - shim's built-in vendor allowlist, logged as "db"
+ - MokList the Mok allowlist, logged as "MokList"
+ - vendor_cert - shim's built-in vendor allowlist, logged as "Shim"
+ - shim_cert - shim's build-time generated allowlist, logged as "Shim"
- MokSBState will be extended into PCR7 if it is set, logged as
"MokSBState".
+- SBAT will be extended into PCR7 if it is set, logged as "SBAT"
PCR8:
- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
line and all grub commands (including all of grub.cfg that gets run) are
measured into PCR8.
-
+
PCR9:
-- If you're using the grub2 TPM patchset we cary in Fedora, the kernel,
+- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
initramfs, and any multiboot modules loaded are measured into PCR9.
PCR14:
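Review bot: In the PCR7 list, the new `vendor_db` entry is logged as "db", the same name as the system `DB` entry (just as `vendor_dbx` shares "dbx" with `DBX`, and `vendor_cert` and `shim_cert` both log as "Shim"), so a verifier replaying the event log cannot tell from the name alone whether a measurement came from firmware's database or from shim's built-in one. The README should say whether that is intentional and how a consumer is expected to distinguish the sources, since anyone writing PCR7 policy from this file will rely on it. Smaller points in the same hunk: the rewritten `MokList the Mok allowlist` line still lacks the " - " separator every other entry has; the new SBAT line has no trailing period, unlike the MokSBState entry above it; and the PCR8 paragraph still reads "cary" while the PCR9 line was corrected to "carry". It would also help to note here that adding `vendor_db` and SBAT to the list of PCR7 events means the documented PCR7 contents differ from the previous version of this file, which matters to readers with policy tied to that PCR.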