Add README.tpm to explain which PCRs we extend things to.

Signed-off-by: Peter Jones <pjones@redhat.com>

README

@@ -12,5 +12,9 @@ in the shim.h header file and provides a single entry point. On 64-bit systems
 this entry point expects to be called with SysV ABI rather than MSABI, and
 so calls to it should not be wrapped.
 
+On systems with a TPM chip enabled and supported by the system firmware,
+shim will extend various PCRs with the digests of the targets it is
+loading.  A full list is in the file README.tpm .
+
 To use shim, simply place a DER-encoded public certificate in a file such as
 pub.cer and build with "make VENDOR_CERT_FILE=pub.cer".

README.tpm

@@ -0,0 +1,22 @@
+The following PCRs are extended by shim:
+
+PCR4:
+- the Authenticode hash of the binary being loaded will be extended into
+  PCR4 before SB verification.
+
+PCR7:
+- Any certificate in one of our certificate databases that matches a binary
+  we try to load will be extended into PCR7.  That includes:
+  - DBX - the system blacklist, logged as "dbx"
+  - MokListX - the Mok blacklist, logged as "MokListX"
+  - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx"
+  - DB - the system whitelist, logged as "db"
+  - MokList the Mok whitelist, logged as "MokList"
+  - vendor_cert - shim's built-in vendor whitelist, logged as "Shim"
+  - shim_cert - shim's build-time generated whitelist, logged as "Shim"
+- MokSBState will be extended into PCR7 if it is set, logged as
+  "MokSBState".
+
+PCR14:
+- MokList, MokListX, and MokSBState will be extended into PCR14 if they are
+  set.