Features:
+* add support for asymmetric LUKS2 TPM based encryption. i.e. allow preparing
+ an encrypted image on some host given a public key belonging to a specific
+ other host, so that only hosts possessing the private key in the TPM2 chip
+ can decrypt the volume key and activate the volume. Usecase: systemd-syscfg
+ for a central orchestrator to generate syscfg images securely that can only
+ be activated on one specific host (which can be used for installing a bunch
+ of creds in /etc/credstore/ for example). Extending on this: allow binding
+ LUKS2 TPM based encryption also to the TPM2 internal clock. Net result:
+ prepare a syscfg image that can only be activated on a specific host that
+ runs a specific software in a specific time window. syscfg would be
+ automatically invalidated outside of it.
+
+* maybe add a "systemd-report" tool, that generates a TPM2-backed "report" of
+ current system state, i.e. a combination of PCR information, local system
+ time and TPM clock, running services, recent high-priority log
+ messages/coredumps, system load/PSI, signed by the local TPM chip, to form an
+ enhanced remote attestation quote. Usecase: a simple orchestrator could use
+ this: have the report tool upload thes reports every 3min somewhere. Then
+ have the orchestrator collect these reports centrally over a 3min time
+ window, and use them to determine what which node should now start/stop what,
+ and generate a small syscfg for each node, that uses Uphold= to pin services
+ on each node. The syscfg would be encrypted using the asymmetric encryption
+ proposed above, so that it can only be activated on the specific host, if the
+ software is in a good state, and within a specific time frame. Then run a
+ loop on each node that sends report to orchestrator and then sysupdate to
+ update syscfg. Orchestrator would be stateless, i.e. operate on desired
+ config and collected reports in the last 3min time window only, and thus can
+ be trivially scaled up since all instances of the orchestrator should come to
+ the same conclusions given the same inputs of reports/desired workload info.
+ Could also be used to deliver Wireguard secrets and thus to clients, thus
+ permitting zero-trust networking: secrets are rolled over via syscfg updates,
+ and via the time window TPM logic invalidated if node doesn't keep itself
+ updated, or becomes corrupted in some way.
+
+* Always measure the LUKS rootfs volume key into PCR 15, and derive the machine
+ ID from it securely. This would then allow us to bind secrets a specific
+ system securely.
+
+* nspawn: maybe allow TPM passthrough, backed by swtpm, and measure --image=
+ hash into its PCR 11, so that nspawn instances can be TPM enabled, and
+ partake in measurements/remote attestation and such. swtpm would run outside
+ of control of container, and ideally would itself bind its encryption keys to
+ host TPM.
+
* tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
of manually hooking into SIGINT/SIGTERM
projects / thirdparty / systemd.git / commitdiff
