diff --git a/cli/src/main.rs b/cli/src/main.rs
index ef63254..47e875d 100644
--- a/cli/src/main.rs
+++ b/cli/src/main.rs
@@ -106,6 +106,11 @@ enum Command {
 )]
 no_secureboot: bool,
 },
+ /// Compute PCR 8
+ Pcr8 {
+ #[arg(default_value_t = 5, long, help = "The timeout for boot menu")]
+ timeout: u8,
+ },
 /// Compute PCR 11
 Pcr11 {
 /// Path to a UKI
@@ -191,6 +196,11 @@ fn main() -> Result<()> {
 println!("{}", serde_json::to_string_pretty(&pcr).unwrap());
 Ok(())
 }
+ Command::Pcr8 { timeout } => {
+ let pcr = compute_pcr8(*timeout);
+ println!("{}", serde_json::to_string_pretty(&pcr).unwrap());
+ Ok(())
+ }
 Command::Pcr11 { uki } => {
 let pcr = compute_pcr11(uki);
 println!("{}", serde_json::to_string_pretty(&pcr).unwrap());
diff --git a/lib/src/lib.rs b/lib/src/lib.rs
index 83ce228..d3093af 100644
--- a/lib/src/lib.rs
+++ b/lib/src/lib.rs
@@ -54,3 +54,7 @@ pub fn compute_pcr7(efivars_path: Option<&str>, esp_path: &str, secureboot_enabl
 pub fn compute_pcr14(mok_variables: &str) -> Pcr {
 Pcr::compile_from(&tpmevents::compute::pcr14_events(mok_variables))
 }
+ pub fn compute_pcr8(timeout: u8) -> Pcr { Pcr::compile_from(&tpmevents::compute::pcr8_events(timeout)) }
diff --git a/lib/src/tpmevents.rs b/lib/src/tpmevents.rs
index a188d52..1104b54 100644
--- a/lib/src/tpmevents.rs
+++ b/lib/src/tpmevents.rs
@@ -40,6 +40,8 @@ pub enum TPMEventID {
 Pcr7GrubDbCert,
 Pcr7GrubVendorDbCert,
 Pcr7GrubMokListCert,
+ Pcr8GrubTimeout,
+ Pcr8GrubBlscfg,
 Pcr11Linux,
 Pcr11LinuxContent,
 Pcr11Osrel,
@@ -79,6 +81,8 @@ impl TPMEventID {
 TPMEventID::Pcr7GrubDbCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
 TPMEventID::Pcr7GrubVendorDbCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER,
 TPMEventID::Pcr7GrubMokListCert => TPMEG_SECUREBOOT | TPMEG_BOOTLOADER | TPMEG_MOKVARS,
+ TPMEventID::Pcr8GrubTimeout => TPMEG_BOOTLOADER,
+ TPMEventID::Pcr8GrubBlscfg => TPMEG_BOOTLOADER,
 TPMEventID::Pcr11Linux => TPMEG_UKI,
 TPMEventID::Pcr11LinuxContent => TPMEG_UKI,
 TPMEventID::Pcr11Osrel => TPMEG_UKI,
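Review bot: The new `Pcr8` variant documents its field through `help = "The timeout for boot menu"` inside `#[arg(...)]`, while the neighbouring `Pcr11` variant uses a `///` doc comment (`/// Path to a UKI`) that clap turns into help text; mixing the two styles makes `--help` and rustdoc drift apart. I would write `/// Timeout of the GRUB boot menu, in seconds (measured as "set timeout=N")` above the field and shrink the attribute to `#[arg(long, default_value_t = 5)]`. Separately, `timeout: u8` cannot express a disabled menu timeout, which GRUB spells `set timeout=-1`; if that configuration is meant to be predictable the field (and `compute_pcr8` in lib.rs) would need a signed type, otherwise a short doc line saying only non-negative timeouts are modelled would save a user from guessing. The `Command` enum starts before this hunk.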
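Review bot: `compute_pcr8` is the only surface a library user sees for PCR 8 and it carries no doc comment, so nothing tells the caller which GRUB events are modelled or what `timeout` turns into; the event IDs added in tpmevents.rs (`Pcr8GrubTimeout`, `Pcr8GrubBlscfg`) suggest exactly two commands are covered, and a prediction that silently omits any other measured command is worse than an error. Suggested line above the function: `/// Predict PCR 8 from the modelled GRUB commands (set timeout=<timeout>, then blscfg); see tpmevents::compute::pcr8_events for the exact strings that are hashed.` The hunk in tpmevents/compute.rs shares the same gap and is noted there.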
diff --git a/lib/src/tpmevents/compute.rs b/lib/src/tpmevents/compute.rs
index 2c52970..626b00a 100644
--- a/lib/src/tpmevents/compute.rs
+++ b/lib/src/tpmevents/compute.rs
@@ -47,6 +47,8 @@ const MODELS_MOKVARS: [TPMEventID; 3] = [
 TPMEventID::Pcr14MokListTrusted,
 ];
 
+const MODELS_GRUB_CFG: [TPMEventID; 2] = [TPMEventID::Pcr8GrubTimeout, TPMEventID::Pcr8GrubBlscfg];
+
 pub fn pcr4_events(
 kernels_dir: &str,
 esp_path: &str,
@@ -278,3 +280,21 @@ pub fn pcr14_events(mok_variables: &str) -> Vec {
 })
 .collect()
 }
+ pub fn pcr8_events(timeout: u8) -> Vec { let n_pcr = 8; let sections: Vec = vec![format!("set timeout={timeout}"), "blscfg".into()]; let mut events: Vec = vec![]; sections.iter().zip(MODELS_GRUB_CFG).for_each(|(s, cid)| { events.push(TPMEvent { name: s.into(), pcr: n_pcr, hash: Sha256::digest(s).to_vec(), id: cid, }); }); events }
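Review bot: `pcr8_events` hashes two hard-coded command strings verbatim, so the predicted PCR 8 only matches a real boot when the installed grub.cfg executes exactly `set timeout=N` (no spaces around `=`, no quoting) followed by `blscfg`, with no other command measured in between or around them; neither this function nor `MODELS_GRUB_CFG` records that assumption, and a mismatch is silent — the caller just gets a value that will never equal the quoted PCR. A doc comment stating that the strings must match the executed grub.cfg text byte for byte and that any additional measured command invalidates the prediction is the minimum I would ask for, since this number is presumably what gets compared against an attestation. As a matter of style, the `let mut events` plus `for_each(push)` shape and the `n_pcr` local can collapse into the `zip(...).map(...).collect()` form that `pcr14_events` ends with (its `.collect()` is visible in the context lines); the rewrite is below. The whole function lies inside this hunk.
```rust
/// Predicted PCR 8 events for a GRUB boot, in execution order.
///
/// Only the commands listed in `MODELS_GRUB_CFG` are modelled. Each command
/// string is hashed exactly as written here, so it must match the text GRUB
/// executes from the installed grub.cfg byte for byte, and any extra command
/// measured by the real bootloader makes the prediction wrong.
pub fn pcr8_events(timeout: u8) -> Vec<TPMEvent> {
    let commands = [format!("set timeout={timeout}"), String::from("blscfg")];

    commands
        .iter()
        .zip(MODELS_GRUB_CFG)
        .map(|(cmd, id)| TPMEvent {
            name: cmd.into(),
            pcr: 8,
            hash: Sha256::digest(cmd).to_vec(),
            id,
        })
        .collect()
}
```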