From 1a9454a9420c7835fc8ee3508906b98d92f16f11 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 27 Sep 2023 09:33:48 +0200 Subject: [PATCH] update TODO --- TODO | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/TODO b/TODO index b084518aae..408b799a2d 100644 --- a/TODO +++ b/TODO @@ -186,6 +186,14 @@ Features: AllowPeerUser= + AllowPeerGroup= to allow trivially simple access control when invoked via socket as IPC services +* systemd-tpm2-setup should probably have a factory reset logic, i.e. when some + kernel command line option is set we reset the TPM (equivalent of tpm2_clear + -c owner?). + +* systemd-tpm2-setup should support a mode where we refuse booting if the SRK + changed. (Must be opt-in, to not break systems which are supposed to be + migratable between PCs) + * when systemd-sysext learns mutable /usr/ (and systemd-confext mutable /etc/) then allow them to store the result in a .v/ versioned subdir, for some basic snapshot logic
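Review bot: in the first added item, "tpm2_clear -c owner" is not a valid invocation: TPM2_Clear is authorized with the lockout or the platform hierarchy, never the owner hierarchy, and tpm2_clear's -c accepts only lockout (the default) or platform, so the item should read "equivalent of tpm2_clear -c lockout" (platform auth is normally unavailable to the OS because firmware disables that hierarchy before handing off). Since the reset is to be triggered by a kernel command line option, the item should also record that the option must only be honoured when the command line is trusted (e.g. baked into a signed/measured UKI), otherwise anyone able to edit boot parameters can wipe every TPM-sealed secret on the machine. The two items also interact and the TODO should say so: a clear regenerates the storage primary seed and therefore the SRK, so the factory-reset path must discard whatever stored SRK reference the second item's "refuse booting if the SRK changed" mode compares against, or a reset on a system with that mode enabled turns into a refused boot.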