On 2025-05-09 12:36, Andrei Borzenkov wrote:
I know that it is documented, but that leads to rather bad user experience. User requests specific protection via --pcr= option, pcrlock decides to skip (some of) them and binds unlocking to just a subset of PCRs pretending that the operation succeeded.
There is this PR, that needs to be pushed a bit: https://github.com/systemd/systemd/pull/31341
