From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 18 Jul 2025 22:13:35 +0000 (+0100)
Subject: docs: mention LoaderTpm2ActivePcrBanks in BLI
X-Git-Tag: v258-rc1~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfeaefebf2fe8470fd9eed4abe597f86af5ca303;p=thirdparty%2Fsystemd.git

docs: mention LoaderTpm2ActivePcrBanks in BLI

Follow-up for 6eab4cd44c3c43698dcfc2c3bc8cd31ed610a812
---

diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md
index 2d67ff4c72c..981dd1f5516 100644
--- a/docs/BOOT_LOADER_INTERFACE.md
+++ b/docs/BOOT_LOADER_INTERFACE.md
@@ -112,6 +112,11 @@ variables. All EFI variables use the vendor UUID
 * The EFI variable `LoaderDeviceURL` contains the URL the boot loader was
   downloaded from, in UTF-16 format. Only set in case of network boots.
 
+* The EFI variable `LoaderTpm2ActivePcrBanks` contains a hexadecimal string
+  representation of a bitmask with values defined by the TCG EFI Protocol
+  Specification for TPM 2.0 as EFI_TCG2_BOOT_HASH_ALG_*. If no TPM2 support or
+  no active banks were detected, will be set to `0`.
+
 If `LoaderTimeInitUSec` and `LoaderTimeExecUSec` are set, `systemd-analyze`
 will include them in its boot-time analysis.  If `LoaderDevicePartUUID` is set,
 systemd will mount the ESP that was used for the boot to `/boot`, but only if