From bbfabc449831d0b1aa80eeeda1a9569f331394b7 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 16 Mar 2022 11:00:27 +0100 Subject: [PATCH] NEWS: add entry announcing PCR change --- NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/NEWS b/NEWS index 248cc0fdb40..712c0fc572b 100644 --- a/NEWS +++ b/NEWS @@ -109,6 +109,19 @@ CHANGES WITH 251: 250. For newer kernels, non-x86 systems, or older x86 systems, there should be no visible changes. + * sd-boot will now measure the kernel command line into TPM PCR 12 + rather than PCR 8. This improves usefulness of the measurements on + sytems where sd-boot is chainloaded from Grub. Grub measures all + commands its executes into PCR 8, which makes it very hard to use + reasonably, hence separate ourselves from that and use PCR 12 + instead, which is already what certain Ubuntu editions use it for. To + retain compatibility with systems running older systemd systems a new + Meson option 'efi-tpm-pcr-compat' has been added (which defaults to + false). If enabled, the measurement is done twice: into the new-style + PCR 12 *and* the old-style PCR 8. It's strongly advised to migrate + all users to PCR 12 for this purpose in the long run, as we intend to + remove this compatibility feature again in two year's time. + CHANGES WITH 250: * Support for encrypted and authenticated credentials has been added. -- 2.47.3
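Review bot: The added NEWS paragraph has wording errors that should be fixed before merge: "sytems" should be "systems", "all commands its executes" should be "all commands it executes", "systems running older systemd systems" reads better as "systems running older systemd versions", and "in two year's time" should be "in two years' time". The clause "which is already what certain Ubuntu editions use it for" has an unclear "it"; something like "which certain Ubuntu editions already use for this purpose" would be clearer. The entry also advises migrating to PCR 12 without saying what migration involves. Consider adding one sentence stating that anything bound to the kernel command line measurement in PCR 8 needs to be re-bound to PCR 12, and that enabling 'efi-tpm-pcr-compat' keeps the PCR 8 measurement in place during the transition.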