diff --git a/README b/README index d8dd4b2..fa36925 100644 --- a/README +++ b/README @@ -299,7 +299,7 @@ store your most intimate confessions. ;) 4) Reboot the system, choose one of the entries called "AEM Qubes". This will attempt to perform a "measured launch" using tboot and the SINIT module you downloaded, which records the Xen, kernel, and initrd versions used in PCRs -17-19 of the TPM for use in sealing and unsealing your secret. If the measured +17-18 of the TPM for use in sealing and unsealing your secret. If the measured launch fails for any reason, tboot will fall back to a normal boot and AEM will not function. @@ -312,7 +312,7 @@ As the system continues booting, AEM will automatically seal your secret(s). You should see a line, or multiple lines, like this one: Sealed /var/lib/anti-evil-maid/aem/secret.txt using - --pcr 13 --pcr 17 --pcr 18 --pcr 19 + --pcr 13 --pcr 17 --pcr 18 Debug output can be read using: diff --git a/etc/anti-evil-maid.conf b/etc/anti-evil-maid.conf index 99ca682..622f33e 100644 --- a/etc/anti-evil-maid.conf +++ b/etc/anti-evil-maid.conf @@ -7,10 +7,10 @@ # 12: (SRTM) Xen/kernel params passed by TrustedGRUB1 # 13: LUKS header(s) # 14: (SRTM) Xen/kernel/initrd loaded by TrustedGRUB1 -# 17-19: (DRTM) TBoot +# 17-18: (DRTM) TrenchBoot # # SRTM = Static Root of Trust Measurement # DRTM = Dynamic Root of Trust Measurement (Intel TXT) # shellcheck disable=SC2034 -SEAL="--pcr 13 --pcr 17 --pcr 18 --pcr 19" +SEAL="--pcr 13 --pcr 17 --pcr 18"
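Review bot: In the README hunk at line 299, the step still says the measured launch is performed "using tboot and the SINIT module you downloaded" and that "tboot will fall back to a normal boot", while the same patch relabels PCRs 17-18 in etc/anti-evil-maid.conf as "(DRTM) TrenchBoot". If the DRTM loader is now TrenchBoot, update these two sentences together with the PCR range; if tboot is still the loader, the config comment should not be renamed. The README and the config comment should name the same component, because this paragraph is what tells the reader what the sealed PCRs attest to.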
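Review bot: In the README hunk at line 312, the sample "Sealed /var/lib/anti-evil-maid/aem/secret.txt using" output now matches the new default, but a reader whose existing /etc/anti-evil-maid.conf still has "--pcr 19" in SEAL will see a different line and has no guidance on whether that is expected. The PCR list in this output appears to mirror the SEAL value, so add a sentence after the example saying where the list comes from and what to do with an older SEAL setting.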
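Review bot: In the etc/anti-evil-maid.conf hunk, SEAL drops "--pcr 19", which narrows the set of measurements the secret is bound to, and neither the comment block nor the README change states why. Document in the PCR list what 17 and 18 each hold under TrenchBoot, so a reader can confirm that the Xen, kernel and initrd measurements the README mentions are all still covered by the seal policy. The unchanged legend line "DRTM = Dynamic Root of Trust Measurement (Intel TXT)" also deserves a check that its parenthetical still fits now that the entry above it reads "TrenchBoot".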