From: Lennart Poettering Date: Wed, 27 Sep 2023 07:33:48 +0000 (+0200) Subject: update TODO X-Git-Tag: v255-rc1~380^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1a9454a9420c7835fc8ee3508906b98d92f16f11;p=thirdparty%2Fsystemd.git update TODO --- diff --git a/TODO b/TODO index b084518aae1..408b799a2d6 100644 --- a/TODO +++ b/TODO @@ -186,6 +186,14 @@ Features: AllowPeerUser= + AllowPeerGroup= to allow trivially simple access control when invoked via socket as IPC services +* systemd-tpm2-setup should probably have a factory reset logic, i.e. when some + kernel command line option is set we reset the TPM (equivalent of tpm2_clear + -c owner?). + +* systemd-tpm2-setup should support a mode where we refuse booting if the SRK + changed. (Must be opt-in, to not break systems which are supposed to be + migratable between PCs) + * when systemd-sysext learns mutable /usr/ (and systemd-confext mutable /etc/) then allow them to store the result in a .v/ versioned subdir, for some basic snapshot logic
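Review bot: The second added entry ("refuse booting if the SRK changed") does not say what the current SRK would be compared against or where that reference is kept, so it is unclear how "changed" is detected; the entry should name the stored reference and how the opt-in is expressed. In the first added entry, the factory reset is triggered by "some kernel command line option" and clears the TPM, which invalidates whatever was previously bound to it, so the entry could state which option is intended and whether anything beyond the option being present is required before the reset runs. The trailing "?" in "(equivalent of tpm2_clear -c owner?)" leaves the intended operation open and would be better marked explicitly as an open question.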