docs: mention LoaderTpm2ActivePcrBanks in BLI

author Luca Boccassi <luca.boccassi@gmail.com>

Fri, 18 Jul 2025 22:13:35 +0000 (23:13 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Tue, 22 Jul 2025 15:05:21 +0000 (17:05 +0200)
author Luca Boccassi <luca.boccassi@gmail.com>
Fri, 18 Jul 2025 22:13:35 +0000 (23:13 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 22 Jul 2025 15:05:21 +0000 (17:05 +0200)
diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md

index 2d67ff4c72c50e48bf9f1c02562adcb6354dd6a7..981dd1f551659783099687ebf64f4cabe96d70bc 100644 (file)
--- a/docs/BOOT_LOADER_INTERFACE.md
+++ b/docs/BOOT_LOADER_INTERFACE.md
@@ -112,6 +112,11 @@ variables. All EFI variables use the vendor UUID
  * The EFI variable `LoaderDeviceURL` contains the URL the boot loader was
    downloaded from, in UTF-16 format. Only set in case of network boots.
  
+* The EFI variable `LoaderTpm2ActivePcrBanks` contains a hexadecimal string
+  representation of a bitmask with values defined by the TCG EFI Protocol
+  Specification for TPM 2.0 as EFI_TCG2_BOOT_HASH_ALG_*. If no TPM2 support or
+  no active banks were detected, will be set to `0`.
+
  If `LoaderTimeInitUSec` and `LoaderTimeExecUSec` are set, `systemd-analyze`
  will include them in its boot-time analysis.  If `LoaderDevicePartUUID` is set,
  systemd will mount the ESP that was used for the boot to `/boot`, but only if
author	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 18 Jul 2025 22:13:35 +0000 (23:13 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 22 Jul 2025 15:05:21 +0000 (17:05 +0200)