Add README.tpm to explain which PCRs we extend things to.

Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2017-08-01 12:54:25 -0400
committer: Peter Jones <pjones@redhat.com> 2017-08-03 11:24:56 -0400
commit: 631265b7e9c447412d423ffed1b39dfd706054cd (patch)
tree: b0f881a8bf2eedd69fde2e398a565e9e8f16dc64 /README
parent: 9abedc47f521ed7b439ceb24730d22a33bc6e03b (diff)
download: efi-boot-shim-631265b7e9c447412d423ffed1b39dfd706054cd.tar.gz
efi-boot-shim-631265b7e9c447412d423ffed1b39dfd706054cd.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/README b/README
index 24a39df1..bfc2d5cf 100644
--- a/README
+++ b/README
@@ -12,5 +12,9 @@ in the shim.h header file and provides a single entry point. On 64-bit systems
 this entry point expects to be called with SysV ABI rather than MSABI, and
 so calls to it should not be wrapped.
 
+On systems with a TPM chip enabled and supported by the system firmware,
+shim will extend various PCRs with the digests of the targets it is
+loading.  A full list is in the file README.tpm .
+
 To use shim, simply place a DER-encoded public certificate in a file such as
 pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".
author	Peter Jones <pjones@redhat.com>	2017-08-01 12:54:25 -0400
committer	Peter Jones <pjones@redhat.com>	2017-08-03 11:24:56 -0400
commit	631265b7e9c447412d423ffed1b39dfd706054cd (patch)
tree	b0f881a8bf2eedd69fde2e398a565e9e8f16dc64 /README
parent	9abedc47f521ed7b439ceb24730d22a33bc6e03b (diff)
download	efi-boot-shim-631265b7e9c447412d423ffed1b39dfd706054cd.tar.gz efi-boot-shim-631265b7e9c447412d423ffed1b39dfd706054cd.zip