IMA: update IMA policy documentation to include pcr= option

Commit 0260643ce "ima: add policy support for extending different pcrs"
introduced a new IMA policy option "pcr=".  Missing was the documentation
for this option.  This patch updates ima_policy to include this option,
as well as an example.

Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/Documentation/ABI/testing/ima_policy b/Documentation/ABI/testing/ima_policy
index bb0f9a135e21..e76432b9954d 100644
--- a/Documentation/ABI/testing/ima_policy
+++ b/Documentation/ABI/testing/ima_policy
@@ -34,9 +34,10 @@ Description:
                         fsuuid:= file system UUID (e.g 8bcbe394-4f13-4144-be8e-5aa9ea2ce2f6)
                         uid:= decimal value
                         euid:= decimal value
-                        fowner:=decimal value
+                        fowner:= decimal value
                 lsm:    are LSM specific
                 option: appraise_type:= [imasig]
+                        pcr:= decimal value
 
                 default policy:
                         # PROC_SUPER_MAGIC
@@ -96,3 +97,8 @@ Description:
 
                 Smack:
                         measure subj_user=_ func=FILE_CHECK mask=MAY_READ
+
+                Example of measure rules using alternate PCRs:
+
+                        measure func=KEXEC_KERNEL_CHECK pcr=4
+                        measure func=KEXEC_INITRAMFS_CHECK pcr=5