From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 12 Mar 2025 12:34:35 +0000 (+0100)
Subject: update TODO
X-Git-Tag: v258-rc1~983^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F36714%2Fhead;p=thirdparty%2Fsystemd.git

update TODO
---

diff --git a/TODO b/TODO
index 35afd73992a..e4597084ea4 100644
--- a/TODO
+++ b/TODO
@@ -143,10 +143,17 @@ Features:
   waits and then reboots. Then use OnFailure=bsod.target from various jobs that
   should result in system reboots, such as TPM tamper detection cases.
 
+* honour validatefs xattrs in dissect-image.c too
+
 * pcrextend: maybe add option to disable measurements entirely via kernel cmdline
 
 * tpm2-setup: reboot if we detect SRK changed
 
+* validatefs: validate more things: check if image id + os id of initrd match
+  target mount, so that we refuse early any attempts to boot into different
+  images with the wrong kernels. check min/max kernel version too. all encoded
+  via xattrs in the target fs.
+
 * pcrextend: when we fail to measure, reboot the system (at least optionally).
   important because certain measurements are supposed to "destroy" tpm object
   access.
@@ -157,11 +164,6 @@ Features:
 
 * cryptsetup: add boolean for disabling use of any password/recovery key slots.
 
-* dissect: when mounting a file system, look into certain xattrs on / in them, and
-  if that exists, check if gpt partition flags + type uuid + uuid match the
-  data encoded therein, so that attackers cannot make us misuse our file
-  systems
-
 * complete varlink introspection comments:
   - io.systemd.BootControl
   - io.systemd.Hostname