update TODO

author Lennart Poettering <lennart@poettering.net>

Fri, 14 Oct 2022 19:21:46 +0000 (21:21 +0200)

committer Lennart Poettering <lennart@poettering.net>

Tue, 17 Jan 2023 08:42:16 +0000 (09:42 +0100)
author Lennart Poettering <lennart@poettering.net>
Fri, 14 Oct 2022 19:21:46 +0000 (21:21 +0200)
committer Lennart Poettering <lennart@poettering.net>
Tue, 17 Jan 2023 08:42:16 +0000 (09:42 +0100)
diff --git a/TODO b/TODO

index d95cbfaeb78c0a0cefdd3fc279a8280e8b5652fc..e78cfa15962f2179c11996b430d5f252ba6efdf4 100644 (file)
--- a/TODO
+++ b/TODO
@@ -451,9 +451,8 @@ Features:
    and via the time window TPM logic invalidated if node doesn't keep itself
    updated, or becomes corrupted in some way.
  
-* Always measure the LUKS rootfs volume key into PCR 15, and derive the machine
-  ID from it securely. This would then allow us to bind secrets a specific
-  system securely.
+* in the initrd, once the rootfs encryption key has been measured to PCR 15,
+  derive default machine ID to use from it, and pass it to host PID 1.
  
  * tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
    of manually hooking into SIGINT/SIGTERM
author	Lennart Poettering <lennart@poettering.net>
	Fri, 14 Oct 2022 19:21:46 +0000 (21:21 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 17 Jan 2023 08:42:16 +0000 (09:42 +0100)