Update the documentation to address tpm2_dump_pcr.
Signed-off-by: Gary Lin <glin@suse.com>
---
docs/grub.texi | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/docs/grub.texi b/docs/grub.texi
index 200e747af..aba43e35e 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -6433,6 +6433,7 @@ you forget a command, you can run the command
@command{help}
* test:: Check file types and compare values
* tpm2_key_protector_init:: Initialize the TPM2 key protector
* tpm2_key_protector_clear:: Clear the TPM2 key protector
+* tpm2_dump_pcr:: Dump TPM2 PCRs
* true:: Do nothing, successfully
* trust:: Add public key to list of trusted keys
* unset:: Unset an environment variable
@@ -8044,6 +8045,18 @@ key and unseal it with the given PCR list and bank.
Clear the TPM2 key protector if previously initialized.
@end deffn
+@node tpm2_dump_pcr
+@subsection tpm2_dump_pcr
+
+@deffn Command tpm2_dump_pcr [@var{bank}]
+Print all PCRs of the specified TPM 2.0 @var{bank}. The supported banks are
+@samp{sha1}, @samp{sha256}, @samp{sha384}, and @samp{sha512}. If @var{bank}
+is not specified, @samp{sha256} is chosen by default.
+
+Since GRUB measures every command into PCR 8, invoking @command{tpm2_dump_pcr}
+also extends PCR 8, so PCR 8 will not be a stable value in GRUB shell.