The following PCRs are extended by shim:

PCR4:
- the Authenticode hash of the binary being loaded will be extended into
  PCR4 before SB verification.
- the hash of any binary for which Verify is called through the shim_lock
  protocol

PCR7:
- Any certificate in one of our certificate databases that matches a binary
  we try to load will be extended into PCR7.  That includes:
  - DBX - the system denylist, logged as "dbx"
  - MokListX - the Mok denylist, logged as "MokListX"
  - vendor_dbx - shim's built-in vendor denylist, logged as "dbx"
  - DB - the system allowlist, logged as "db"
  - vendor_db - shim's built-in vendor allowlist, logged as "db"
  - MokList the Mok allowlist, logged as "MokList"
  - vendor_cert - shim's built-in vendor allowlist, logged as "Shim"
  - shim_cert - shim's build-time generated allowlist, logged as "Shim"
- MokSBState will be extended into PCR7 if it is set, logged as
  "MokSBState".
- SBAT will be extended into PCR7 if it is set, logged as "SBAT"

PCR8:
- If you're using the grub2 TPM patchset we cary in Fedora, the kernel command
  line and all grub commands (including all of grub.cfg that gets run) are
  measured into PCR8.

PCR9:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
  initramfs, and any multiboot modules loaded are measured into PCR9.

PCR14:
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are
  set.