update TODO

2024-07-08 20:15:55 +00:00 · 2023-09-05 13:54:35 +02:00 · 2023-09-05 13:54:35 +02:00 · 354e5b8873
commit 354e5b8873
parent c00c3d93d5
1 changed files with 13 additions and 8 deletions
--- a/21
+++ b/21
@ -95,14 +95,6 @@ Janitorial Clean-ups:

 Deprecations and removals:

-* homed: add a basic form of of secrets management to homed, that stores
-  secrets in $HOME somewhere, is protected by the accounts own authentication
-  mechanisms. Should implement something PKCS#11-like that can be used to
-  implement emulated FIDO2 in unpriv userspace on top (which should happen
-  outside of homed), emulated PKCS11, and libsecrets support. Operate with a
-  2nd key derived from volume key of the user, with which to wrap all
-  keys. maintain keys in kernel keyring if possible.
-
 * Remove any support for booting without /usr pre-mounted in the initrd entirely.
  Update INITRD_INTERFACE.md accordingly.

@ -144,6 +136,19 @@ Deprecations and removals:

 Features:

+* ddi must be listed as block device fstype
+
+* measure some string via pcrphase whenever we end up booting into emergency
+  mode.
+
+* homed: add a basic form of of secrets management to homed, that stores
+  secrets in $HOME somewhere, is protected by the accounts own authentication
+  mechanisms. Should implement something PKCS#11-like that can be used to
+  implement emulated FIDO2 in unpriv userspace on top (which should happen
+  outside of homed), emulated PKCS11, and libsecrets support. Operate with a
+  2nd key derived from volume key of the user, with which to wrap all
+  keys. maintain keys in kernel keyring if possible.
+
 * add ConditionSecurity=stub-measured or so that checks if we are booted with
  systemd-stub and its measurements