mirror of
https://github.com/systemd/systemd
synced 2024-07-21 18:24:38 +00:00
update TODO
This commit is contained in:
parent
c00c3d93d5
commit
354e5b8873
21
TODO
21
TODO
|
@ -95,14 +95,6 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Deprecations and removals:
|
Deprecations and removals:
|
||||||
|
|
||||||
* homed: add a basic form of of secrets management to homed, that stores
|
|
||||||
secrets in $HOME somewhere, is protected by the accounts own authentication
|
|
||||||
mechanisms. Should implement something PKCS#11-like that can be used to
|
|
||||||
implement emulated FIDO2 in unpriv userspace on top (which should happen
|
|
||||||
outside of homed), emulated PKCS11, and libsecrets support. Operate with a
|
|
||||||
2nd key derived from volume key of the user, with which to wrap all
|
|
||||||
keys. maintain keys in kernel keyring if possible.
|
|
||||||
|
|
||||||
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
|
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
|
||||||
Update INITRD_INTERFACE.md accordingly.
|
Update INITRD_INTERFACE.md accordingly.
|
||||||
|
|
||||||
|
@ -144,6 +136,19 @@ Deprecations and removals:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* ddi must be listed as block device fstype
|
||||||
|
|
||||||
|
* measure some string via pcrphase whenever we end up booting into emergency
|
||||||
|
mode.
|
||||||
|
|
||||||
|
* homed: add a basic form of of secrets management to homed, that stores
|
||||||
|
secrets in $HOME somewhere, is protected by the accounts own authentication
|
||||||
|
mechanisms. Should implement something PKCS#11-like that can be used to
|
||||||
|
implement emulated FIDO2 in unpriv userspace on top (which should happen
|
||||||
|
outside of homed), emulated PKCS11, and libsecrets support. Operate with a
|
||||||
|
2nd key derived from volume key of the user, with which to wrap all
|
||||||
|
keys. maintain keys in kernel keyring if possible.
|
||||||
|
|
||||||
* add ConditionSecurity=stub-measured or so that checks if we are booted with
|
* add ConditionSecurity=stub-measured or so that checks if we are booted with
|
||||||
systemd-stub and its measurements
|
systemd-stub and its measurements
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue