Diffstat (limited to 'upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8')
-rw-r--r-- | upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 | 69 |
1 files changed, 64 insertions, 5 deletions
diff --git a/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 b/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 index 595294a8..8cd1d2f3 100644 --- a/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 +++ b/upstream/opensuse-tumbleweed/man8/systemd-pcrphase.service.8 @@ -1,5 +1,5 @@ '\" t -.TH "SYSTEMD\-PCRPHASE\&.SERVICE" "8" "" "systemd 254" "systemd-pcrphase.service" +.TH "SYSTEMD\-PCRPHASE\&.SERVICE" "8" "" "systemd 255" "systemd-pcrphase.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -20,7 +20,7 @@ .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" -systemd-pcrphase.service, systemd-pcrphase-sysinit.service, systemd-pcrphase-initrd.service, systemd-pcrmachine.service, systemd-pcrfs-root.service, systemd-pcrfs@.service, systemd-pcrphase \- Measure boot phase into TPM2 PCR 11, machine ID and file system identity into PCR 15 +systemd-pcrphase.service, systemd-pcrphase-sysinit.service, systemd-pcrphase-initrd.service, systemd-pcrmachine.service, systemd-pcrfs-root.service, systemd-pcrfs@.service, systemd-pcrextend \- Measure boot phase into TPM2 PCR 11, machine ID and file system identity into PCR 15 .SH "SYNOPSIS" .PP systemd\-pcrphase\&.service @@ -35,7 +35,7 @@ systemd\-pcrfs\-root\&.service .PP systemd\-pcrfs@\&.service .PP -/usr/lib/systemd/systemd\-pcrphase +/usr/lib/systemd/systemd\-pcrextend [\fISTRING\fR] .SH "DESCRIPTION" .PP 
@@ -183,12 +183,25 @@ mount option in .SH "OPTIONS" .PP The -/usr/lib/systemd/system\-pcrphase +/usr/lib/systemd/system\-pcrextend executable may also be invoked from the command line, where it expects the word to extend into PCR 11, as well as the following switches: .PP \fB\-\-bank=\fR .RS 4 Takes the PCR banks to extend the specified word into\&. If not specified the tool automatically determines all enabled PCR banks and measures the word into all of them\&. +.sp +Added in version 252\&. +.RE +.PP +\fB\-\-pcr=\fR +.RS 4 +Takes the index of the PCR to extend\&. If +\fB\-\-machine\-id\fR +or +\fB\-\-file\-system=\fR +are specified defaults to 15, otherwise defaults to 11\&. +.sp +Added in version 255\&. .RE .PP \fB\-\-tpm2\-device=\fR\fIPATH\fR @@ -199,21 +212,29 @@ Controls which TPM2 device to use\&. Expects a device node path referring to the may be specified, in order to automatically determine the device node of a suitable TPM2 device (of which there must be exactly one)\&. The special value "list" may be used to enumerate all suitable TPM2 devices currently discovered\&. +.sp +Added in version 252\&. .RE .PP \fB\-\-graceful\fR .RS 4 If no TPM2 firmware, kernel subsystem, kernel driver or device support is found, exit with exit status 0 (i\&.e\&. indicate success)\&. If this is not specified any attempt to measure without a TPM2 device will cause the invocation to fail\&. +.sp +Added in version 253\&. .RE .PP \fB\-\-machine\-id\fR .RS 4 Instead of measuring a word specified on the command line into PCR 11, measure the host\*(Aqs machine ID into PCR 15\&. +.sp +Added in version 253\&. .RE .PP \fB\-\-file\-system=\fR .RS 4 Instead of measuring a word specified on the command line into PCR 11, measure identity information of the specified file system into PCR 15\&. The parameter must be the path to the established mount point of the file system to measure\&. +.sp +Added in version 253\&. .RE .PP \fB\-h\fR, \fB\-\-help\fR 
@@ -225,10 +246,48 @@ Print a short help text and exit\&. .RS 4 Print a short version string and exit\&. .RE +.SH "FILES" +.PP +/run/log/systemd/tpm2\-measure\&.log +.RS 4 +Measurements are logged into an event log file maintained in +/run/log/systemd/tpm2\-measure\&.log, which contains a +\m[blue]\fBJSON\-SEQ\fR\m[]\&\s-2\u[1]\d\s+2 +series of objects that follow the general structure of the +\m[blue]\fBTCG Canonical Event Log Format (CEL\-JSON)\fR\m[]\&\s-2\u[2]\d\s+2 +event objects (but lack the +"recnum" +field)\&. +.sp +A +\fBLOCK_EX\fR +BSD file lock (\fBflock\fR(2)) on the log file is acquired while the measurement is made and the file is updated\&. Thus, applications that intend to acquire a consistent quote from the TPM with the associated snapshot of the event log should acquire a +\fBLOCK_SH\fR +lock while doing so\&. +.sp +Added in version 252\&. +.RE .SH "SEE ALSO" .PP \fBsystemd\fR(1), \fBsystemd-stub\fR(7), \fBsystemd-measure\fR(1), \fBsystemd-gpt-auto-generator\fR(8), -\fBsystemd-fstab-generator\fR(8) +\fBsystemd-fstab-generator\fR(8), +\m[blue]\fBTPM2 PCR Measurements Made by systemd\fR\m[]\&\s-2\u[3]\d\s+2 +.SH "NOTES" +.IP " 1." 4 +JSON-SEQ +.RS 4 +\%https://www.rfc-editor.org/rfc/rfc7464.html +.RE +.IP " 2." 4 +TCG Canonical Event Log Format (CEL-JSON) +.RS 4 +\%https://trustedcomputinggroup.org/resource/canonical-event-log-format/ +.RE +.IP " 3." 4 +TPM2 PCR Measurements Made by systemd +.RS 4 +\%https://systemd.io/TPM2_PCR_MEASUREMENTS +.RE |
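Review bot: In the @@ -183,12 +183,25 @@ hunk, the OPTIONS path reads /usr/lib/systemd/system\-pcrextend, which drops the "d" that the SYNOPSIS hunk has in /usr/lib/systemd/systemd\-pcrextend. The rename carried the old misspelling over, so use the SYNOPSIS spelling here. The same sentence still says the tool "expects the word to extend into PCR 11" although the new \-\-pcr= entry makes the index selectable, so it should say PCR 11 is the default. In the \-\-pcr= text, "are specified defaults to 15" would read better as "is specified, defaults to 15".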
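Review bot: In the @@ -199,21 +212,29 @@ hunk, the \-\-machine\-id and \-\-file\-system= entries only gain an "Added in version 253" line and still describe the target register as fixed ("measure the host's machine ID into PCR 15", "into PCR 15"), while the \-\-pcr= entry added in the previous hunk describes 15 and 11 as defaults. Reword both entries to say "by default into PCR 15" and refer to \-\-pcr=, so a reader checking which PCR a measurement lands in does not take the index as hardcoded.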
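Review bot: In the new FILES section of the @@ -225,10 +246,48 @@ hunk, "should acquire a LOCK_SH lock while doing so" leaves the scope of the lock unclear. State explicitly that the reader has to hold LOCK_SH on /run/log/systemd/tpm2\-measure\&.log across both the TPM quote and the read of the log, since the text says the writer holds LOCK_EX over the measurement and the file update together; a reader that locks only one of the two steps can pair a quote with a log that does not match it. Because the objects "lack the recnum field", it would also help to say how a CEL-JSON consumer is expected to order the records.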