From: Lennart Poettering Date: Fri, 14 Oct 2022 09:32:43 +0000 (+0200) Subject: update TODO X-Git-Tag: v252-rc2~42 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4554c178bf07ded86f9f3982f26e87afd1caf0f4;p=thirdparty%2Fsystemd.git update TODO --- diff --git a/TODO b/TODO index 642c5969453..d4e21a7cbf1 100644 --- a/TODO +++ b/TODO @@ -119,6 +119,12 @@ Deprecations and removals: Features: +* We should start measuring all services, containers, and system extensions we + activate. probably into PCR 13. i.e. add --tpm2-measure-pcr= or so to + systemd-nspawn, and MeasurePCR= to unit files. Should contain a measurement + of the activated configuration and the image that is being activated (in case + verity is used, hash of the root hash). + * whenever we measure something into a TPM PCR from userspace, write a record in TCG's "Canonical Event Log" format to some file, so that we can reason about how PCR values we manage came to
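Review bot: The closing parenthetical of the new entry, "(in case verity is used, hash of the root hash)", covers only verity-protected images; the entry should also say what is measured, or that nothing is, when the activated image carries no verity data. Because every activated service, container and system extension would extend the same PCR (13 is suggested), the resulting value depends on the order of activations, so a verifier can only interpret it by replaying a log. It would help to name the next item, the record in TCG's "Canonical Event Log" format, as a prerequisite for this one. "The activated configuration" is also left open: for MeasurePCR= in unit files, say whether that means the unit file as written or the settings actually applied. Minor: "probably into PCR 13." starts a sentence in lower case.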