attestation environments which use hardware CC registers and not the
TPM quote.
- * By default networking to cloud IMDS services is now locked down, for
- recognized clouds. This is recommended for secure installations, but
- typically conflicts with traditional IMDS clients such as cloud-init,
- which require direct IMDS access currently. The new meson option
- "imds-network" can be used to change the default networking mode to
- "unlocked" at build-time, for compatibility. This is probably what
- general purpose distributions should set for now.
+ New features:
+
+ * Networking to cloud IMDS services may be locked down for recognized
+ clouds. This is recommended for secure installations, but typically
+ conflicts with traditional IMDS clients such as cloud-init, which
+ require direct IMDS access. The new meson option "-Dimds-network="
+ can be used to change the default mode to "locked" at build-time.
CHANGES WITH 260:
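Review bot: The added NEWS paragraph never states which mode is now the default, and its last sentence gives the option as "-Dimds-network=" with no value. The removed text said lockdown was on by default, while the new wording ("may be locked down") leaves the reader to infer that the default is now "unlocked". Suggest stating it outright, for example: The default mode is "unlocked"; build with "-Dimds-network=locked" to enable the lockdown by default. Since the paragraph still says lockdown "is recommended for secure installations", it is also worth keeping one sentence telling builders of hardened images that they now have to opt in.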
description : 'install the systemd-timesyncd daemon')
option('imds', type : 'feature',
description : 'install the systemd-imds stack')
-option('imds-network', type : 'combo', choices : [ 'locked', 'unlocked' ],
+option('imds-network', type : 'combo', choices : ['unlocked', 'locked'],
description : 'whether to default to locked/unlocked IMDS network mode')
option('journal-storage-default', type : 'combo', choices : ['persistent', 'auto', 'volatile', 'none'],
description : 'default storage mode for journald (main namespace)')
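Review bot: The default is changed in option('imds-network', ...) only by reordering the choices list, which relies on meson using the first entry of a combo as the default when no value is given. Suggest adding an explicit value : 'unlocked' so that a later reordering or reformatting of the list cannot silently change the IMDS lockdown default again, and naming the default in the description string, which currently reads 'whether to default to locked/unlocked IMDS network mode'.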