[systemd-devel] systemd-pcrlock silently ignores user requested PCRs downgrading security

[aplanas]

On 2025-05-09 12:36, Andrei Borzenkov wrote:
> I know that it is documented, but that leads to rather bad user
> experience. User requests specific protection via --pcr= option,
> pcrlock decides to skip (some of) them and binds unlocking to just a
> subset of PCRs pretending that the operation succeeded.

There is this PR, that needs to be pushed a bit:

https://github.com/systemd/systemd/pull/31341