diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 9a4b0cada41..67c7e07778a 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -186,6 +186,11 @@
architectures
NAME
+
+ systemd-analyze
+ OPTIONS
+ smbios11
+
@@ -979,6 +984,26 @@ x86-64 native
+
+ systemd-analyze smbios11
+
+ Shows a list of SMBIOS Type #11 strings passed to the system. Also see
+ smbios-type-117.
+
+
+ Example output
+ $ systemd-analyze smbios11
+io.systemd.stub.kernel-cmdline-extra=console=ttyS0
+io.systemd.credential.binary:ssh.ephemeral-authorized_keys-all=c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURGd20xbFp4WlRGclJteG9ZQlozOTYzcE1uYlJCaDMwM1MxVXhLSUM2NmYgbGVubmFydEB6ZXRhCg==
+io.systemd.credential:vmm.notify_socket=vsock-stream:2:254570042
+
+3 SMBIOS Type #11 strings passed.
+
+
+
+
+
+
diff --git a/src/analyze/analyze-smbios11.c b/src/analyze/analyze-smbios11.c
new file mode 100644
index 00000000000..cee5a3ad0be
--- /dev/null
+++ b/src/analyze/analyze-smbios11.c
@@ -0,0 +1,73 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "analyze.h"
+#include "analyze-smbios11.h"
+#include "escape.h"
+#include "smbios11.h"
+#include "virt.h"
+
+int verb_smbios11(int argc, char *argv[], void *userdata) {
+ unsigned n = 0;
+ int r;
+
+ for (unsigned i = 0;; i++) {
+ _cleanup_free_ char *data = NULL;
+ bool written = false;
+ size_t size;
+
+ r = read_smbios11_field(i, SIZE_MAX, &data, &size);
+ if (r == -ENOENT) /* Reached the end */
+ break;
+ if (r < 0)
+ return log_error_errno(r, "Failed to read SMBIOS Type #11 string %u: %m", i);
+ bool incomplete = r == 0;
+
+ size_t left, skip;
+ const char *p;
+ for (p = data, left = size; left > 0; p += skip, left -= skip) {
+ const char *nul;
+
+ nul = memchr(p, 0, left);
+ if (nul)
+ skip = (nul - p) + 1;
+ else {
+ nul = p + left;
+ skip = left;
+ }
+
+ if (nul - p == 0) /* Skip empty strings */
+ continue;
+
+ _cleanup_free_ char *escaped = NULL;
+ escaped = cescape_length(p, nul - p);
+ if (!escaped)
+ return log_oom();
+
+ if (written)
+ fputc('\n', stdout);
+
+ fputs(escaped, stdout);
+ written = true;
+ n++;
+ }
+
+ if (written) {
+ if (incomplete)
+ fputs(special_glyph(SPECIAL_GLYPH_ELLIPSIS), stdout);
+
+ fputc('\n', stdout);
+ }
+
+ if (i == UINT_MAX) /* Prevent overflow */
+ break;
+ }
+
+ if (!arg_quiet) {
+ if (n == 0)
+ log_info("No SMBIOS Type #11 strings passed.");
+ else
+ log_info("\n%u SMBIOS Type #11 strings passed.", n);
+ }
+
+ return EXIT_SUCCESS;
+}
diff --git a/src/analyze/analyze-smbios11.h b/src/analyze/analyze-smbios11.h
new file mode 100644
index 00000000000..4b1f334dc8f
--- /dev/null
+++ b/src/analyze/analyze-smbios11.h
@@ -0,0 +1,4 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+int verb_smbios11(int argc, char *argv[], void *userdata);
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index cf4894a9d3b..db3996faea4 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -34,6 +34,7 @@
#include "analyze-plot.h"
#include "analyze-security.h"
#include "analyze-service-watchdogs.h"
+#include "analyze-smbios11.h"
#include "analyze-srk.h"
#include "analyze-syscall-filter.h"
#include "analyze-time.h"
@@ -241,6 +242,7 @@ static int help(int argc, char *argv[], void *userdata) {
" image-policy POLICY... Analyze image policy string\n"
" pcrs [PCR...] Show TPM2 PCRs and their names\n"
" srk [>FILE] Write TPM2 SRK (to FILE)\n"
+ " smbios11 List strings passed via SMBIOS Type #11\n"
"\nOptions:\n"
" --recursive-errors=MODE Control which units are verified\n"
" --offline=BOOL Perform a security review on unit file(s)\n"
@@ -657,6 +659,7 @@ static int run(int argc, char *argv[]) {
{ "pcrs", VERB_ANY, VERB_ANY, 0, verb_pcrs },
{ "srk", VERB_ANY, 1, 0, verb_srk },
{ "architectures", VERB_ANY, VERB_ANY, 0, verb_architectures },
+ { "smbios11", VERB_ANY, 1, 0, verb_smbios11 },
{}
};
diff --git a/src/analyze/meson.build b/src/analyze/meson.build
index f150ed7613b..a307923c22e 100644
--- a/src/analyze/meson.build
+++ b/src/analyze/meson.build
@@ -22,6 +22,7 @@ systemd_analyze_sources = files(
'analyze-plot.c',
'analyze-security.c',
'analyze-service-watchdogs.c',
+ 'analyze-smbios11.c',
'analyze-srk.c',
'analyze-syscall-filter.c',
'analyze-time.c',
diff --git a/test/units/TEST-65-ANALYZE.sh b/test/units/TEST-65-ANALYZE.sh
index 18f5c4d804a..fde15192f78 100755
--- a/test/units/TEST-65-ANALYZE.sh
+++ b/test/units/TEST-65-ANALYZE.sh
@@ -947,6 +947,9 @@ systemd-analyze architectures x86-64
systemd-analyze architectures native
systemd-analyze architectures uname
+systemd-analyze smbios11
+systemd-analyze smbios11 -q
+
systemd-analyze log-level info
touch /testok