From: Lennart Poettering Date: Tue, 11 Mar 2025 16:19:25 +0000 (+0100) Subject: update TODO X-Git-Tag: v258-rc1~1114 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=338553715b618aba8299d053a8796f7ce9c58d3e;p=thirdparty%2Fsystemd.git update TODO --- diff --git a/TODO b/TODO index 33cc02d406d..151c364498a 100644 --- a/TODO +++ b/TODO @@ -130,6 +130,21 @@ Deprecations and removals: Features: +* pcrextend: when we fail to measure, reboot the system (at least optionally). + important because certain measurements are supposed to "destroy" tpm object + access. + +* pcrextend: after measuring get an immediate quote from the TPM, and validate + it. if it doesn't check out, i.e. the measurement we made doesn't appear in + the PCR then also reboot. + +* cryptsetup: add boolean for disabling use of any password/recovery key slots. + +* dissect: when mounting a file system, look into certain xattrs on / in them, and + if that exists, check if gpt partition flags + type uuid + uuid match the + data encoded therein, so that attackers cannot make us misuse our file + systems + * complete varlink introspection comments: - io.systemd.BootControl - io.systemd.Hostname
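Review bot: In the added dissect entry, "if that exists" leaves the missing-xattr case unspecified, so as worded the GPT flags/type UUID/UUID comparison is simply skipped when the xattr is absent; the entry should say whether a file system without the xattr is accepted, refused, or subject to policy, and name the xattrs meant by "certain xattrs". In the two pcrextend entries the failure handling is stated inconsistently: the first says reboot "at least optionally" while the second says "then also reboot" with no qualifier, so it would help to note whether both are governed by the same setting. Minor style points: "tpm" in the first entry versus "TPM" in the second, and the dissect entry lacks the trailing period the other new entries have.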