From 0691d0e5a1f6d12c1df0e34c79a1a6e6510a1ec8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 21 Feb 2024 14:42:50 +0100
Subject: pcrlock: document the env vars we honour to find measurement logs

This env vars have been supported for a while, let's document them where
we usually document them.
---
 docs/ENVIRONMENT.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'docs/ENVIRONMENT.md')

diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md
index 6fa82d7177..eab1ce23e4 100644
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -622,6 +622,16 @@ SYSTEMD_HOME_DEBUG_SUFFIX=foo \
   to expose a single device only, since those identifiers better should be kept
   unique.
 
+`systemd-pcrlock`, `systemd-pcrextend`:
+
+* `$SYSTEMD_MEASURE_LOG_USERSPACE` – the path to the `tpm2-measure.log` file
+  (containing userspace measurement data) to read. This allows overriding the
+  default of `/run/log/systemd/tpm2-measure.log`.
+
+* `$SYSTEMD_MEASURE_LOG_FIRMWARE` – the path to the `binary_bios_measurements`
+  file (containing firmware measurement data) to read. This allows overriding
+  the default of `/sys/kernel/security/tpm0/binary_bios_measurements`.
+
 Tools using the Varlink protocol (such as `varlinkctl`) or sd-bus (such as
 `busctl`):
 
-- 
cgit v1.2.3