diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-04-05 09:30:52 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-04-14 20:01:22 +0100 |
commit | 10fa7251c0d8a465c932f2c4cf4496efb1637458 (patch) | |
tree | 30511b0629c2e39942d3b82c7c8cae60943e0b33 /po | |
parent | 3e5b7717552180f9c27d929e97d1b3f926d7ac30 (diff) | |
download | systemd-10fa7251c0d8a465c932f2c4cf4496efb1637458.tar.gz |
man/systemd-cryptenroll: update list of PCRs, link to uapi docs
Entia non sunt multiplicanda praeter necessitatem. We had a list of PCRs in the
man page which was already half out-of-date. Instead, link to web page with the
"authoritative" list. Here, drop the descriptions of what shim and grub do. Instead,
just give some short descriptions and mention what systemd components do.
systemd-pcrmachine.service and systemd-pcrfs@.service are now mentioned too.
https://github.com/uapi-group/specifications/commit/d0e590b1e2648e76ece66157ceade3f45b165b14
extended the table in the specs repo.
https://github.com/uapi-group/specifications/pull/59 adds some more text there
too.
Also, rework the recommendation: hint that PCR 11 is useful, and recommend
binding to policy signatures instead of direct PCR values. This new text is
intentionally vague: doing this correctly is hard, but let's at least not imply
that just binding to PCR 7 is useful in any way.
Also, change "string alias" to "name" in discussion of PCR names.
Inspired by https://discussion.fedoraproject.org/t/future-of-encryption-in-fedora/80397/17
Diffstat (limited to 'po')
0 files changed, 0 insertions, 0 deletions