* Add UKI profiles that are only available if secure boot is turned off
+* fix bug around run0 background color on ls in fresh terminal
+
+* Reset TPM2 DA bit on each successful boot
+
+* systemd-repart: add --installer or so, that will intractively ask for a
+ target disk, maybe ask for confirmation, and install something on disk. Then,
+ hook that into installer.target or so, so that it can be used to
+ install/replicate installs
+
+* systemd-cryptenroll: add --firstboot or so, that will interactively ask user
+ whether recovery key shall be enrolled and do so
+
+* sd-boot: when looking for a BLS type #1 resource and it cannot be found in
+ the ESP check if ESP is backed by ramdisk/http and then request it from same
+ http base. Then: make mkosi build a 2nd esp maybe called the "netesp" that
+ contains bls type #1 entries pointing to the UKIs which would then be
+ requested via http this way.
+
+* bootctl: add tool for registering BootXXX entry that boots from some http
+ server of your choice
+
* maybe introduce container-shell@.service or so, to match
container-getty.service but skips authentication, so you get a shell prompt
directly. Usecase: wsl-like stuff (they have something pretty much like
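Review bot: "intractively" in the added systemd-repart entry is a typo for "interactively", which the systemd-cryptenroll entry right below it spells correctly. The "Reset TPM2 DA bit on each successful boot" entry is also the only added item that names no component or tool, so it is unclear where that work would live; prefixing it the way the other entries are ("systemd-repart:", "sd-boot:", "bootctl:") would help. The sd-boot and bootctl http entries do not say whether the type #1 entries and UKIs requested over http are to be verified before use, and a few words on that would make the intent clearer.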