mirror of
https://github.com/systemd/systemd
synced 2024-07-08 20:15:55 +00:00
update TODO
This commit is contained in:
parent
c00c3d93d5
commit
354e5b8873
21
TODO
21
TODO
|
@ -95,14 +95,6 @@ Janitorial Clean-ups:
|
|||
|
||||
Deprecations and removals:
|
||||
|
||||
* homed: add a basic form of of secrets management to homed, that stores
|
||||
secrets in $HOME somewhere, is protected by the accounts own authentication
|
||||
mechanisms. Should implement something PKCS#11-like that can be used to
|
||||
implement emulated FIDO2 in unpriv userspace on top (which should happen
|
||||
outside of homed), emulated PKCS11, and libsecrets support. Operate with a
|
||||
2nd key derived from volume key of the user, with which to wrap all
|
||||
keys. maintain keys in kernel keyring if possible.
|
||||
|
||||
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
|
||||
Update INITRD_INTERFACE.md accordingly.
|
||||
|
||||
|
@ -144,6 +136,19 @@ Deprecations and removals:
|
|||
|
||||
Features:
|
||||
|
||||
* ddi must be listed as block device fstype
|
||||
|
||||
* measure some string via pcrphase whenever we end up booting into emergency
|
||||
mode.
|
||||
|
||||
* homed: add a basic form of of secrets management to homed, that stores
|
||||
secrets in $HOME somewhere, is protected by the accounts own authentication
|
||||
mechanisms. Should implement something PKCS#11-like that can be used to
|
||||
implement emulated FIDO2 in unpriv userspace on top (which should happen
|
||||
outside of homed), emulated PKCS11, and libsecrets support. Operate with a
|
||||
2nd key derived from volume key of the user, with which to wrap all
|
||||
keys. maintain keys in kernel keyring if possible.
|
||||
|
||||
* add ConditionSecurity=stub-measured or so that checks if we are booted with
|
||||
systemd-stub and its measurements
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user