Update NEWS with latest changes

author Luca Boccassi <bluca@debian.org>

Fri, 14 Jul 2023 22:45:00 +0000 (23:45 +0100)

committer Luca Boccassi <bluca@debian.org>

Sat, 15 Jul 2023 00:14:55 +0000 (01:14 +0100)
author Luca Boccassi <bluca@debian.org>
Fri, 14 Jul 2023 22:45:00 +0000 (23:45 +0100)
committer Luca Boccassi <bluca@debian.org>
Sat, 15 Jul 2023 00:14:55 +0000 (01:14 +0100)
diff --git a/NEWS b/NEWS

index 46eb343f472bf972edb6ef172a00d668a628f31f..21bd87d422ce4c92544da6569efb2db4fce31a28 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -238,6 +238,11 @@ CHANGES WITH 254 in spe:
            and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
            variable for unit generators. Finally, udev rules can match on a new
            'cvm' key that will be set when in a confidential VM.
+          Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
+          strings and QEMU's fw_cfg protocol will not be used to import
+          credentials and kernel command line parameters by the system manager,
+          systemd-boot and systemd-stub, because the hypervisor is considered
+          untrusted in this particular setting.
  
          Journal:
author	Luca Boccassi <bluca@debian.org>
	Fri, 14 Jul 2023 22:45:00 +0000 (23:45 +0100)
committer	Luca Boccassi <bluca@debian.org>
	Sat, 15 Jul 2023 00:14:55 +0000 (01:14 +0100)