It is not yet possible to specify specific PCR values independent of the currently set PCR values.
This would allow disabling the password-less calculate operation after booting the device. This
makes most sense, once a TSS2 FAPI is available that will enable an interface to a canonical PCR event log.
It should perhaps read
The current PCR values are used during `init`. It's not yet possible to explicitly specify the PCR values
to be used for sealing the secret. Once implemented, we could seal the TOTP secret to a PCR state
which is only available during boot. Due to PCR extensions post-boot, any later attempts to unseal
the secret would fail. We can implement this once we implement a TSS2 FAPI interface to a
canonical PCR event log.
should be
The following is cryptic:
It should perhaps read