From: Lennart Poettering Date: Thu, 14 Apr 2022 14:20:45 +0000 (+0200) Subject: update TODO X-Git-Tag: v251-rc2~93^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F23084%2Fhead;p=thirdparty%2Fsystemd.git update TODO --- diff --git a/TODO b/TODO index 5c05a75a482..cf22b9a7e04 100644 --- a/TODO +++ b/TODO @@ -114,12 +114,6 @@ Features: - sd-stub: automatically pick up microcode from ESP (/loader/microcode/*) and synthesize initrd from it, and measure it. Signing is not necessary, as microcode does that on its own. Pass as first initrd to kernel. - - systemd-creds should have a fallback logic that uses neither TPM nor the - system key in /var for encryption and instead some fixed key. This should - be opt in (since it provides no security properties) but be used by - kernel-install when encrypting the creds it generates on systems that lack - a TPM, so that we can have very similar codepaths on TPM and TPM-less - systems. i.e. --with-key=tpm-graceful or so. - sd-stub should measure the kernel/initrd/… into a separate PCR, so that we have one PCR we can bind the encrypted creds to that is not effected by anything else but what we drop in via kernel-install, i.e. by earlier EFI