diff --git a/man/systemd-pcrlock.xml b/man/systemd-pcrlock.xml
index 4d1a7200c5..521f3a8bde 100644
--- a/man/systemd-pcrlock.xml
+++ b/man/systemd-pcrlock.xml
@@ -463,7 +463,7 @@
 If used with predict and make-policy this will override which PCRs to include in the prediction and policy. If unspecified this defaults to PCRs 0-5, 7,
- 11-15. Note that these commands will not include any PCRs in the prediction/policy (even if specified
+ 11, 13-15. Note that these commands will not include any PCRs in the prediction/policy (even if specified
 explicitly) if there are measurements in the event log that do not match the current PCR value, or there are unrecognized measurements in the event log, or components define measurements not seen in the event log.
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c
index 9d167ef919..3a294a9171 100644
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -118,7 +118,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_entry_token, freep);
 (UINT32_C(1) << TPM2_PCR_BOOT_LOADER_CONFIG) | \
 (UINT32_C(1) << TPM2_PCR_SECURE_BOOT_POLICY) | \
 (UINT32_C(1) << TPM2_PCR_KERNEL_BOOT) | \
- (UINT32_C(1) << TPM2_PCR_KERNEL_CONFIG) | \
+ /* Note: we do not add PCR12/TPM2_PCR_KERNEL_CONFIG here, since our pcrlock policy ends up in there, and this would hence result in a conceptual loop */ \
 (UINT32_C(1) << TPM2_PCR_SYSEXTS) | \
 (UINT32_C(1) << TPM2_PCR_SHIM_POLICY) | \
 (UINT32_C(1) << TPM2_PCR_SYSTEM_IDENTITY))
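Review bot: The reason PCR 12 is dropped from the default mask lives only in a comment inside the macro, so the security consequence is invisible to users: with TPM2_PCR_KERNEL_CONFIG no longer in the default set, whatever is measured into PCR 12 is not bound by a default-generated policy, and the man page hunk merely changes the numbers. I would add one sentence to the man page next to `11, 13-15`, e.g. `PCR 12 is excluded from the default set because the pcrlock policy itself is measured into it, so including it would make the policy circular.` If an explicit `--pcr=` list that names 12 still produces the loop the comment warns about, that presumably deserves a warning or rejection at the option-parsing site, which is outside this hunk. Style-wise, the ~160-column comment on a backslash-continued line would read better split over two `\`-terminated lines or moved above the `#define`, whose head is outside the hunk.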