From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 10 Oct 2023 13:51:38 +0000 (+0200)
Subject: docs: document that in future we'll do EV_EVENT_TAG only, no EV_IPL
X-Git-Tag: v255-rc1~280
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=22d7fb66469dbf76b4c9a90b3a57cc87fde70b8f;p=thirdparty%2Fsystemd.git

docs: document that in future we'll do EV_EVENT_TAG only, no EV_IPL
---

diff --git a/docs/TPM2_PCR_MEASUREMENTS.md b/docs/TPM2_PCR_MEASUREMENTS.md
index 7601c155313..462a86b36c0 100644
--- a/docs/TPM2_PCR_MEASUREMENTS.md
+++ b/docs/TPM2_PCR_MEASUREMENTS.md
@@ -29,6 +29,16 @@ Currently, four components will issue TPM2 PCR measurements:
 A userspace measurement event log in a format close to TCG CEL-JSON is
 maintained in `/run/log/systemd/tpm2-measure.log`.
 
+## Measurements Added in Future
+
+We expect that we'll add further PCR extensions in future (both in firmware and
+user mode), which also will be documented here. When executed from firmware
+mode future additions are expected to be recorded as `EV_EVENT_TAG`
+measurements in the event log, in order to make them robustly
+recognizable. Measurements currently recorded as `EV_IPL` will continue to be
+recorded as `EV_IPL`, for compatibility reasons. However, `EV_IPL` will not be
+used for new, additional measurements.
+
 ## PCR Measurements Made by `systemd-boot` (UEFI)
 
 ### PCS 5, `EV_EVENT_TAG`, "loader.conf"