boot: add new pcrphase tool to measure barrier strings into PCR 11

author: Lennart Poettering <lennart@poettering.net> 2022-09-16 23:57:26 +0200
committer: Lennart Poettering <lennart@poettering.net> 2022-09-22 16:52:06 +0200
commit: 708d7524790c962a5b49bcf8bc5556f4acda3d08 (patch)
tree: 085c68c0c44d82fddc0a884e5bb997fd46e82452 /catalog
parent: tpm2-util: add helper for determining enabled/used PCR banks (diff)
download: systemd-708d7524790c962a5b49bcf8bc5556f4acda3d08.tar.xz
systemd-708d7524790c962a5b49bcf8bc5556f4acda3d08.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/catalog/systemd.catalog.in b/catalog/systemd.catalog.in
index 8cd284c195..56307003f9 100644
--- a/catalog/systemd.catalog.in
+++ b/catalog/systemd.catalog.in
@@ -527,3 +527,15 @@ Support: %SUPPORT_URL%
 
 For the first time during the current boot an NTP synchronization has been
 acquired and the local system clock adjustment has been initiated.
+
+-- 3f7d5ef3e54f4302b4f0b143bb270cab
+Subject: TPM PCR Extended
+Defined-By: systemd
+Support: %SUPPORT_URL%
+
+The string '@MEASURING@' has been extended into Trusted Platform Module's (TPM)
+Platform Configuration Register (PCR) @PCR@, on banks @BANKS@.
+
+Whenever the system transitions to a new runtime phase, a different string is
+extended into the specified PCR, to ensure that security policies for TPM-bound
+secrets and other resources are limited to specific phases of the runtime.
author	Lennart Poettering <lennart@poettering.net>	2022-09-16 23:57:26 +0200
committer	Lennart Poettering <lennart@poettering.net>	2022-09-22 16:52:06 +0200
commit	708d7524790c962a5b49bcf8bc5556f4acda3d08 (patch)
tree	085c68c0c44d82fddc0a884e5bb997fd46e82452 /catalog
parent	tpm2-util: add helper for determining enabled/used PCR banks (diff)
download	systemd-708d7524790c962a5b49bcf8bc5556f4acda3d08.tar.xz systemd-708d7524790c962a5b49bcf8bc5556f4acda3d08.zip