From: Lennart Poettering Date: Fri, 16 Sep 2022 15:24:08 +0000 (+0100) Subject: update TODO X-Git-Tag: v252-rc1~172 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d52e1c81b9ec2fe1eafe96f7c774ed4394f5a829;p=thirdparty%2Fsystemd.git update TODO Seeding RNG via SMBIOS is bad idea, since often measurement of SMBIOS tables is used for TPM policies, under the assumption SMBIOS remains static after a certain point. --- diff --git a/TODO b/TODO index 7eb7086cffb..7a074dd6f87 100644 --- a/TODO +++ b/TODO @@ -187,11 +187,6 @@ Features: * sd-boot: include domain specific hash string in hash function for random seed plus sizes of everything. also include DMI/SMBIOS blob -* accept a random seed via DMI/SMBIOS vendor string that is credited to the - kernel RNG, as cheap alternative to virtio-rng (problem: when credited it - must also be invalidated, question is if we can safely do that for SMBIOS - data structures) - * sd-stub: invoke random seed logic the same way as in sd-boot, except if random seed EFI variable is already set. That way, the variable set will be set in all cases: if you just use sd-stub, or just sd-boot, or both.
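Review bot: The removed entry (the four `-` lines beginning "* accept a random seed via DMI/SMBIOS vendor string") leaves TODO without any trace of why the idea was dropped, so the rationale now lives only in the commit message. The entry's own pitch as a "cheap alternative to virtio-rng" makes it likely to be proposed again. Consider leaving a one-line note in its place saying that measurement of SMBIOS tables is often used for TPM policies on the assumption that the tables stay static, which is incompatible with the invalidation step the removed text itself raised ("when credited it must also be invalidated"). Separately, the unchanged sd-boot item in the leading context still ends with "also include DMI/SMBIOS blob". That item only reads the tables as hash input and does not modify them, so it does not conflict with the rationale, but a word to that effect in the item would keep the two uses from being confused.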