update TODO

TODO

@@ -117,6 +117,11 @@ Deprecations and removals:
 
 Features:
 
+* during the initrd → host transition measure a fixed value into TPM PCR 11
+  (where we already measure the UKI into), so that unlock policies for disk
+  enryption/credential encryption can be put together that only work in the
+  initrd or only on the host (or both).
+
 * Add support for extra verity configuration options to systemd-reart (FEC, hash type, etc)
 
 * chase_symlinks(): take inspiraton from path_extract_filename() and return
@@ -160,11 +165,6 @@ Features:
 
 * systemd-measure tool:
   - pre-calculate PCR 12 (command line) + PCR 13 (sysext) the same way we can precalculate PCR 11
-  - sign pre-calculated hashes in a way compatible with TPM2 PCR hash signature
-    policies, in a way they can be included in unified PE kernel images, and
-    made available to userspace. There, this should be consumed by
-    systemd-cryptsetup to implement PCR signature based TPM volume unlock
-    policies.
 
 * in sd-boot: load EFI drivers from a new PE section. That way, one can have a
   "supercharged" sd-boot binary, that could carry ext4 drivers built-in.
@@ -249,8 +249,7 @@ Features:
 
 * repart: allow defining additional partitions via credential
 
-* tmpfiles: add snippet that provisions /etc/hosts, /etc/motd,
-  /root/.ssh/authorized_keys from credential
+* tmpfiles: add snippet that provisions /root/.ssh/authorized_keys from credential
 
 * timesyncd: pick NTP server info from credential
 
@@ -343,50 +342,11 @@ Features:
 * given that /etc/ssh/ssh_config.d/ is a thing now, ship a drop-in for that
   that hooks up userbdctl ssh-key stuff.
 
-* allow embedding a signature blob for PCR hashes into separate section in
-  unified kernel binaries. This section should be picked up by sd-stub, and
-  passed in a file to the booted kernel (via initrd cpio, as usual). Usecase:
-  this way we can implement disk encryption policies that bind to specific
-  kernel PCR state, without breaking things on every kernel update. As long as
-  the kernel includes the PCR signature blob we should be good, as disk
-  encryption can then pass the signature to the TPM to unlock their secrets.
-  Why do this via a separate PE section? That's because the PCR state depends
-  on the measured kernel/initrd of course, thus we cannot put the signature
-  into the kernel/initrd itself, because that would require a time machine.
-  Hence we have to find a separate place. A simple solution is a PE section
-  of its own, because then it is next to the kernel and initrd which after all
-  are stored in PE sections of their own too. Building a unified kernel would
-  thus mean, calculating PCR values for the raw kernel image, and raw initrd
-  image, then signing those PCR values with a vendor key, and then combining
-  sd-stub, raw kernel image, raw initrd, and PCR signature into a unified
-  kernel image.
-
-* a new tool "systemd-trust" or so, that can calculate PCR hashes offline, and
-  optionally sign them. for that we should extend our syntax for specifying pcr
-  policies (e.g. the string like "4+7+9") so that it can also include explicit
-  hash values, i.e.
-  4=sha256:0ef149998289474e4bb31813edda6ad7f3c991b2d8dec6e8fe4db7a1f039f2d1+7=sha256:87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7+9=sha256:0263829989b6fd954f72baaf2fc64bc2e2f01d692d4de72986ea808f6e99813f
-  and file names to calculate hashes from, i.e.
-  4=file:/boot/vmlinuz+7=file:/boot/initrd/+9=file:/etc/fstab"
-  The systemd-trust tool should then be able to resolve any "underspecifed"
-  form into the form with explicit hash values.
-
 * maybe add support for binding and connecting AF_UNIX sockets in the file
   system outside of the 108ch limit. When connecting, open O_PATH fd to socket
   inode first, then connect to /proc/self/fd/XYZ. When binding, create symlink
   to target dir in /tmp, and bind through it.
 
-* tmpfiles: for f/F/w lines, if the argument columns is left unspecified, look
-  for a service credential named after the file path to write to, and load
-  contents to write from there. Usecase: provision arbitrary files from
-  credentials. Example use: with a line like "f /root/.ssh/authorized-keys
-  0644 root root" in a tmpfiles.d/ snippet add
-  LoadCredential=root.ssh.authorized-keys via drop-in to
-  systemd-tmpfiles.service, and then provision an SSH access key through
-  nspawn's --load-credential=, through qemu's fw_cfg, or via systemd-stub's
-  credntial pick-up. The latter is particularly interesting to implement SSH
-  access to an initrd.
-
 * systemd-homed: when initializing, look for a credential sysemd.homed.register
   or so with JSON user records to automatically register if not registered yet.
   Usecase: deploy a system, and add an account one can directly log into.
@@ -406,14 +366,11 @@ Features:
   set up the directory so that it can only be accessed if host and app are in
   order.
 
-* TPM2: add auth policy for signed PCR values to make updates easy. i.e. do
-  what tpm2_policyauthorize tool does.  To be truly useful scheme needs to be a
-  bit more elaborate though: policy probably must take some nvram based
-  generation counter into account that can only monotonically increase and can
-  be used to invalidate old PCR signatures. Otherwise people could downgrade to
-  old signed PCR sets whenever they want. Usecase: encrypt the rootfs with LUKS
-  with a key that can only be unlocked via a pristine pre-built Fedora
-  kernel+initrd.
+* TPM2: extend unlock policy to protect against version downgrades in signed
+  policies: policy probably must take some nvram based generation counter into
+  account that can only monotonically increase and can be used to invalidate
+  old PCR signatures. Otherwise people could downgrade to old signed PCR sets
+  whenever they want.
 
 * update HACKING.md to suggest developing systemd with the ideas from:
   https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html