From d4c124a2afb54075c43c1a0d9d75a2a1bb8f6c45 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Fri, 14 Jul 2023 23:45:00 +0100
Subject: [PATCH] Update NEWS with latest changes

---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 46eb343f472..21bd87d422c 100644
--- a/NEWS
+++ b/NEWS
@@ -238,6 +238,11 @@ CHANGES WITH 254 in spe:
           and will also set a SYSTEMD_CONFIDENTIAL_VIRTUALIZATION= environment
           variable for unit generators. Finally, udev rules can match on a new
           'cvm' key that will be set when in a confidential VM.
+          Additionally, when running in a 'Confidential Virtual Machine', SMBIOS
+          strings and QEMU's fw_cfg protocol will not be used to import
+          credentials and kernel command line parameters by the system manager,
+          systemd-boot and systemd-stub, because the hypervisor is considered
+          untrusted in this particular setting.
 
         Journal:
 
-- 
2.47.3