1 files changed, 234 insertions, 15 deletions

diff --git a/templates/man8/systemd-pcrlock.8.pot b/templates/man8/systemd-pcrlock.8.pot
index 5498fd99..7f6ea099 100644
--- a/templates/man8/systemd-pcrlock.8.pot
+++ b/templates/man8/systemd-pcrlock.8.pot
@@ -7,7 +7,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2024-03-01 17:11+0100\n"
+"POT-Creation-Date: 2024-06-01 06:28+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,18 +18,20 @@ msgstr ""
 
 #. type: TH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "SYSTEMD-PCRLOCK"
 msgstr ""
 
 #. type: TH
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed
 #, no-wrap
 msgid "systemd 255"
 msgstr ""
 
 #. type: TH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "systemd-pcrlock"
 msgstr ""
@@ -39,12 +41,14 @@ msgstr ""
 #.  -----------------------------------------------------------------
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "NAME"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "systemd-pcrlock, systemd-pcrlock-file-system.service, systemd-pcrlock-"
 "firmware-code.service, systemd-pcrlock-firmware-config.service, systemd-"
@@ -56,23 +60,26 @@ msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "SYNOPSIS"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed
 msgid "B</usr/lib/systemd/systemd-pcrlock >B<[OPTIONS...]>"
 msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "DESCRIPTION"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Note: this command is experimental for now\\&. While it is likely to become "
 "a regular component of systemd, it might still change in behaviour and "
@@ -81,6 +88,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "B<systemd-pcrlock> is a tool that may be used to analyze and predict TPM2 "
 "PCR measurements, and generate TPM2 access policies from the prediction "
@@ -92,11 +100,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<systemd-pcrlock> uses as input for its analysis and prediction:"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The UEFI firmware TPM2 event log (i\\&.e\\&.  /sys/kernel/security/tpm0/"
 "binary_bios_measurements) of the current boot\\&."
@@ -104,6 +114,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The userspace TPM2 event log (i\\&.e\\&.  /run/log/systemd/tpm2-measure\\&."
 "log) of the current boot\\&."
@@ -111,11 +122,12 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "The current PCR state of the TPM2 chip\\&."
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed
 msgid ""
 "Boot component definition files (*\\&.pcrlock and *\\&.pcrlock\\&.d/*\\&."
 "pcrlock, see B<systemd.pcrlock>(5)) that each define expected measurements "
@@ -126,6 +138,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "It uses these inputs to generate a combined event log, validating it against "
 "the PCR states\\&. It then attempts to recognize event log records and "
@@ -142,6 +155,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Use tools such as B<systemd-cryptenroll>(1)  or B<systemd-repart>(8)  to "
 "bind disk encryption to such a B<systemd-pcrlock> TPM2 policy\\&. "
@@ -150,6 +164,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The access policy logic requires a TPM2 device that implements the "
 "\"PolicyAuthorizeNV\" command, i\\&.e\\&. implements TPM 2\\&.0 version "
@@ -158,22 +173,26 @@ msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "COMMANDS"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "The following commands are understood:"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<log>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This reads the combined TPM2 event log, validates it, matches it against the "
 "current PCR values, and outputs both in tabular form\\&. Combine with B<--"
@@ -182,29 +201,33 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "Added in version 255\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<cel>"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed
 msgid ""
 "This reads the combined TPM2 event log and writes it to STDOUT in "
-"\\m[blue]B<TCG Common Event Log Format (CEL-"
+"\\m[blue]B<TCG Canonical Event Log Format (CEL-"
 "JSON)>\\m[]\\&\\s-2\\u[1]\\d\\s+2 format\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<list-components>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Shows a list of component definitions and their variants, i\\&.e\\&. the "
 "*\\&.pcrlock files discovered in /var/lib/pcrlock\\&.d/, /usr/lib/pcrlock\\&."
@@ -214,11 +237,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<predict>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Predicts the PCR state on future boots\\&. This will analyze the TPM2 event "
 "log as described above, recognize components, and then generate all possible "
@@ -232,11 +257,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<make-policy>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This predicts the PCR state for future boots, much like the B<predict> "
 "command above\\&. It then uses this data to generate a TPM2 access policy "
@@ -247,6 +274,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The NV index is allocated on first invocation, and updated on subsequent "
 "invocations\\&."
@@ -254,6 +282,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The NV index contents may be changed (and thus the policy stored in it "
 "updated) by providing an access PIN\\&. This PIN is normally generated "
@@ -266,6 +295,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "If the new prediction matches the old this command terminates quickly and "
 "executes no further operation\\&. (Unless B<--force> is specified, see "
@@ -274,11 +304,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<remove-policy>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Removes a previously generated policy\\&. Deletes the /var/lib/systemd/"
 "pcrlock\\&.json file, and deallocates the NV index\\&."
@@ -286,11 +318,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-firmware-code>, B<unlock-firmware-code>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes \\&.pcrlock files based on the TPM2 event log of the "
 "current boot covering all records for PCRs 0 (\"platform-code\") and 2 "
@@ -299,6 +333,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This operation allows locking the boot process to the current version of the "
 "firmware of the system and its extension cards\\&. This operation should "
@@ -308,6 +343,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Note that this data only matches the current version of the firmware\\&. If "
 "a firmware update is applied this data will be out-of-date and any access "
@@ -318,6 +354,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "B<systemd-pcrlock lock-firmware-code> is invoked automatically at boot via "
 "the systemd-pcrlock-firmware-code\\&.service unit, if enabled\\&. This "
@@ -328,6 +365,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The files are only generated from the event log if the event log matches the "
 "current TPM2 PCR state\\&."
@@ -335,6 +373,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the files /var/lib/pcrlock\\&.d/250-firmware-code-"
 "early\\&.pcrlock\\&.d/generated\\&.pcrlock and /var/lib/pcrlock\\&.d/550-"
@@ -343,11 +382,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-firmware-config>, B<unlock-firmware-config>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This is similar to B<lock-firmware-code>/B<unlock-firmware-code> but locks "
 "down the firmware configuration, i\\&.e\\&. PCRs 1 (\"platform-config\") and "
@@ -356,6 +397,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This functionality should be used with care as in most scenarios a minor "
 "firmware configuration change should not invalidate access policies to TPM2 "
@@ -369,6 +411,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Use B<unlock-firmware-config> before making firmware configuration "
 "changes\\&. If the systemd-pcrlock-firmware-config\\&.service unit is "
@@ -378,6 +421,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the files /var/lib/pcrlock\\&.d/250-firmware-config-"
 "early\\&.pcrlock\\&.d/generated\\&.pcrlock and /var/lib/pcrlock\\&.d/550-"
@@ -386,11 +430,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-secureboot-policy>, B<unlock-secureboot-policy>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on the SecureBoot policy "
 "currently enforced\\&. This looks at the SecureBoot, PK, KEK, db, dbx, dbt, "
@@ -400,6 +446,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Use B<unlock-firmware-config> before applying SecureBoot policy updates\\&. "
 "If the systemd-pcrlock-secureboot-policy\\&.service unit is enabled it will "
@@ -408,6 +455,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/230-secureboot-policy\\&."
 "pcrlock\\&.d/generated\\&.pcrlock\\&."
@@ -415,11 +463,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-secureboot-authority>, B<unlock-secureboot-authority>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on the SecureBoot authorities "
 "used to validate the boot path\\&. SecureBoot authorities are the specific "
@@ -430,6 +480,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/620-secureboot-"
 "authority\\&.pcrlock\\&.d/generated\\&.pcrlock\\&."
@@ -437,11 +488,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-gpt> [I<DEVICE>], B<unlock-gpt>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on the GPT partition table of the "
 "specified disk\\&. If no disk is specified automatically determines the "
@@ -452,6 +505,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/600-gpt\\&.pcrlock\\&.d/"
 "generated\\&.pcrlock\\&."
@@ -459,11 +513,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-pe> [I<BINARY>], B<unlock-pe>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on the specified PE binary\\&. "
 "This is useful for predicting measurements the firmware makes to PCR 4 "
@@ -474,6 +530,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Expects a path to the PE binary as argument\\&. If not specified, reads the "
 "binary from STDIN instead\\&."
@@ -481,17 +538,20 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "The pcrlock file to write must be specified via the B<--pcrlock=> switch\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-uki> [I<UKI>], B<unlock-uki>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on the specified UKI PE "
 "binary\\&. This is useful for predicting measurements the firmware makes to "
@@ -502,6 +562,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Expects a path to the UKI PE binary as argument\\&. If not specified, reads "
 "the binary from STDIN instead\\&."
@@ -509,11 +570,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-machine-id>, B<unlock-machine-id>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on /etc/machine-id\\&. This is "
 "useful for predicting measurements B<systemd-pcrmachine.service>(8)  makes "
@@ -522,6 +585,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/820-machine-id\\&."
 "pcrlock\\&."
@@ -529,11 +593,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-file-system> [I<PATH>], B<unlock-file-system> [I<PATH>]"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on file system identity\\&. This "
 "is useful for predicting measurements B<systemd-pcrfs@.service>(8)  makes to "
@@ -542,6 +608,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the files /var/lib/pcrlock\\&.d/830-root-file-system\\&."
 "pcrlock and /var/lib/pcrlock\\&.d/840-file-system-I<path>\\&.pcrlock\\&."
@@ -549,11 +616,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-kernel-cmdline> [I<FILE>], B<unlock-kernel-cmdline>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on /proc/cmdline (or the "
 "specified file if given)\\&. This is useful for predicting measurements the "
@@ -562,6 +631,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/710-kernel-cmdline\\&."
 "pcrlock/generated\\&.pcrlock\\&."
@@ -569,11 +639,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-kernel-initrd> I<FILE>, B<unlock-kernel-initrd>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on a kernel initrd cpio "
 "archive\\&. This is useful for predicting measurements the Linux kernel "
@@ -584,6 +656,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This writes/removes the file /var/lib/pcrlock\\&.d/720-kernel-initrd\\&."
 "pcrlock/generated\\&.pcrlock\\&."
@@ -591,37 +664,42 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<lock-raw> [I<FILE>], B<unlock-raw>"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed
 msgid ""
 "Generates/removes a \\&.pcrlock file based on raw binary data\\&. The data "
 "is either read from the specified file or from STDIN (if none is "
 "specified)\\&. This requires that B<--pcrs=> is specified\\&. The generated "
-"pcrlock file is written to the file specified via B<--pcrlock=> or to STDOUT "
-"(if none is specified)\\&."
+"\\&.pcrlock file is written to the file specified via B<--pcrlock=> or to "
+"STDOUT (if none is specified)\\&."
 msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "OPTIONS"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "The following options are understood:"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--raw-description>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "When displaying the TPM2 event log do not attempt to decode the records to "
 "provide a friendly event log description string\\&. Instead, show the binary "
@@ -630,11 +708,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--pcr=>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Specifies the PCR number to use\\&. May be specified more than once to "
 "select multiple PCRs\\&."
@@ -642,6 +722,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "This is used by B<lock-raw> and B<lock-pe> to select the PCR to lock "
 "against\\&."
@@ -649,6 +730,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "If used with B<predict> and B<make-policy> this will override which PCRs to "
 "include in the prediction and policy\\&. If unspecified this defaults to "
@@ -661,24 +743,27 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--nv-index=>"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed
 msgid ""
-"Specifies to NV index to store the policy in\\&. Honoured by B<make-"
+"Specifies the NV index to store the policy in\\&. Honoured by B<make-"
 "policy>\\&. If not specified the command will automatically pick a free NV "
 "index\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--components=>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Takes a path to read *\\&.pcrlock and *\\&.pcrlock\\&.d/*\\&.pcrlock files "
 "from\\&. May be used more than once to specify multiple such directories\\&. "
@@ -688,11 +773,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--location=>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Takes either a string or a colon-separated pair of strings\\&. Configures up "
 "to which point in the sorted list of defined components to analyze/predict "
@@ -714,6 +801,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "If used with B<list-components> the selected location range will be "
 "highlighted in the component list\\&."
@@ -721,6 +809,7 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Defaults to \"760-:940-\", which means the policies generated by default "
 "will basically cover the whole runtime of the OS userspace, from the initrd "
@@ -733,11 +822,12 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--recovery-pin=>"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed
 msgid ""
 "Takes a boolean\\&. Defaults to false\\&. Honoured by B<make-policy>\\&. If "
 "true, will query the user for a PIN to unlock the TPM2 NV index with\\&. If "
@@ -752,11 +842,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--pcrlock=>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Takes a file system path as argument\\&. If specified overrides where to "
 "write the generated pcrlock data to\\&. Honoured by the various B<lock-*> "
@@ -766,11 +858,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--policy=>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Takes a file system path as argument\\&. If specified overrides where to "
 "write pcrlock policy metadata to\\&. If not specified defaults to /var/lib/"
@@ -779,11 +873,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--force>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "If specified with B<make-policy>, the predicted policy will be written to "
 "the NV index even if it is detected to be the same as the previously stored "
@@ -792,11 +888,13 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--json=>I<MODE>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "Shows output formatted as JSON\\&. Expects one of \"short\" (for the "
 "shortest possible output without any redundant whitespace or line breaks), "
@@ -806,53 +904,62 @@ msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--no-pager>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "Do not pipe output into a pager\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<-h>, B<--help>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "Print a short help text and exit\\&."
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "B<--version>"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "Print a short version string and exit\\&."
 msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "EXIT STATUS"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid "On success, 0 is returned, a non-zero failure code otherwise\\&."
 msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "SEE ALSO"
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: archlinux fedora-40 mageia-cauldron opensuse-tumbleweed
 msgid ""
 "B<systemd>(1), B<systemd.pcrlock>(5), B<systemd-cryptenroll>(1), B<systemd-"
 "cryptsetup@.service>(8), B<systemd-repart>(8), B<systemd-pcrmachine."
@@ -861,23 +968,135 @@ msgstr ""
 
 #. type: SH
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid "NOTES"
 msgstr ""
 
 #. type: IP
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 #, no-wrap
 msgid " 1."
 msgstr ""
 
 #. type: Plain text
-#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
-msgid "TCG Common Event Log Format (CEL-JSON)"
+#: archlinux debian-unstable fedora-rawhide mageia-cauldron opensuse-tumbleweed
+msgid "TCG Canonical Event Log Format (CEL-JSON)"
 msgstr ""
 
 #. type: Plain text
 #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
+#: opensuse-tumbleweed
 msgid ""
 "\\%https://trustedcomputinggroup.org/resource/canonical-event-log-format/"
 msgstr ""
+
+#. type: TH
+#: debian-unstable fedora-rawhide
+#, no-wrap
+msgid "systemd 256~rc3"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B</usr/lib/systemd/systemd-pcrlock> [OPTIONS...]"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Boot component definition files (*\\&.pcrlock and *\\&.pcrlock\\&.d/*\\&."
+"pcrlock, see B<systemd.pcrlock>(5)) that each define expected measurements "
+"for one component of the boot process, permitting alternative variants for "
+"each\\&. (Variants may be used to bless multiple kernel versions or boot "
+"loader versions at the same time\\&.)"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Starting with v256, a copy of the /var/lib/systemd/pcrlock\\&.json policy "
+"file is encoded in a credential (see B<systemd-creds>(1)  for details) and "
+"written to the EFI System Partition or XBOOTLDR partition, in the /loader/"
+"credentials/ subdirectory\\&. There it is picked up at boot by B<systemd-"
+"stub>(7)  and passed to the invoked initrd, where it can be used to unlock "
+"the root file system (which typically contains /var/, which is where the "
+"primary copy of the policy is located, which hence cannot be used to unlock "
+"the root file system)\\&. The credential file is named after the boot entry "
+"token of the installation (see B<bootctl>(1)), which is configurable via the "
+"B<--entry-token=> switch, see below\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Takes one of \"hide\", \"show\" or \"query\"\\&. Defaults to \"hide\"\\&. "
+"Honoured by B<make-policy>\\&. If \"query\", will query the user for a PIN "
+"to unlock the TPM2 NV index with\\&. If no policy was created before, this "
+"PIN is used to protect the newly allocated NV index\\&. If a policy has been "
+"created before, the PIN is used to unlock write access to the NV index\\&. "
+"If either \"hide\" or \"show\" is used, a PIN is automatically generated, "
+"and \\(em only in case of \"show\" \\(em displayed on screen\\&. Regardless "
+"if user supplied or automatically generated, it is stored in encrypted form "
+"in the policy metadata file\\&. The recovery PIN may be used to regain write "
+"access to an NV index in case the access policy became out of date\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "B<--entry-token=>"
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"Sets the boot entry token to use for the file name for the pcrlock policy "
+"credential in the EFI System Partition or XBOOTLDR partition\\&. See the "
+"B<bootctl>(1)  option of the same regarding expected values\\&. This switch "
+"has an effect on the B<make-policy> command only\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid "Added in version 256\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-unstable fedora-rawhide
+msgid ""
+"B<systemd>(1), B<systemd.pcrlock>(5), B<systemd-cryptenroll>(1), B<systemd-"
+"cryptsetup@.service>(8), B<systemd-repart>(8), B<systemd-pcrmachine."
+"service>(8), B<systemd-creds>(1), B<systemd-stub>(7), B<bootctl>(1)"
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid ""
+"This reads the combined TPM2 event log and writes it to STDOUT in "
+"\\m[blue]B<TCG Common Event Log Format (CEL-"
+"JSON)>\\m[]\\&\\s-2\\u[1]\\d\\s+2 format\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid ""
+"Generates/removes a \\&.pcrlock file based on raw binary data\\&. The data "
+"is either read from the specified file or from STDIN (if none is "
+"specified)\\&. This requires that B<--pcrs=> is specified\\&. The generated "
+"pcrlock file is written to the file specified via B<--pcrlock=> or to STDOUT "
+"(if none is specified)\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid ""
+"Specifies to NV index to store the policy in\\&. Honoured by B<make-"
+"policy>\\&. If not specified the command will automatically pick a free NV "
+"index\\&."
+msgstr ""
+
+#. type: Plain text
+#: fedora-40
+msgid "TCG Common Event Log Format (CEL-JSON)"
+msgstr ""