pcrlock: document the env vars we honour to find measurement logs

This env vars have been supported for a while, let's document them where we usually document them.
author: Lennart Poettering <lennart@poettering.net> 2024-02-21 14:42:50 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-02-21 14:45:19 +0100
commit: 0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8 (patch)
tree: dbb1086a355f6103cea110784c09357129193fa5 /docs/ENVIRONMENT.md
parent: docs: show mkosi project on website (diff)
download: systemd-0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8.tar.xz
systemd-0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 6fa82d7177..eab1ce23e4 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -622,6 +622,16 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
   to expose a single device only, since those identifiers better should be kept
   unique.
 
+`systemd-pcrlock`, `systemd-pcrextend`:
+
+* `$SYSTEMD_MEASURE_LOG_USERSPACE` – the path to the `tpm2-measure.log` file
+  (containing userspace measurement data) to read. This allows overriding the
+  default of `/run/log/systemd/tpm2-measure.log`.
+
+* `$SYSTEMD_MEASURE_LOG_FIRMWARE` – the path to the `binary_bios_measurements`
+  file (containing firmware measurement data) to read. This allows overriding
+  the default of `/sys/kernel/security/tpm0/binary_bios_measurements`.
+
 Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
 `busctl`):
author	Lennart Poettering <lennart@poettering.net>	2024-02-21 14:42:50 +0100
committer	Lennart Poettering <lennart@poettering.net>	2024-02-21 14:45:19 +0100
commit	0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8 (patch)
tree	dbb1086a355f6103cea110784c09357129193fa5 /docs/ENVIRONMENT.md
parent	docs: show mkosi project on website (diff)
download	systemd-0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8.tar.xz systemd-0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8.zip