mirror of
https://github.com/systemd/systemd
synced 2024-10-01 13:55:20 +00:00
update TODO
This commit is contained in:
Lennart Poettering
parent
9ea811914f
commit
3bcf564530
29
TODO
29
TODO
|
|
@ -293,9 +293,6 @@ Features:
|
|||
userspace to allow ordering boots (for example in journalctl). The counter
|
||||
would be monotonically increased on every boot.
|
||||
|
||||
* systemd-sysext: for sysext DDIs picked up via EFI stub, set much stricter
|
||||
image policy by default
|
||||
|
||||
* pam_systemd_home: add module parameter to control whether to only accept
|
||||
only password or only pcks11/fido2 auth, and then use this to hook nicely
|
||||
into two of the three PAM stacks gdm provides.
|
||||
|
|
@ -836,9 +833,6 @@ Features:
|
|||
virtio-fs.
|
||||
|
||||
* for vendor-built signed initrds:
|
||||
- make sysext run in the initrd
|
||||
- sysext should pick up sysext images from /.extra/ in the initrd, and insist
|
||||
on verification if in secureboot mode
|
||||
- kernel-install should be able to install pre-built unified kernel images in
|
||||
type #2 drop-in dir in the ESP.
|
||||
- kernel-install should be able install encrypted creds automatically for
|
||||
|
|
@ -1046,9 +1040,6 @@ Features:
|
|||
CapabilityQuintet we already have. (This likely allows us to drop libcap
|
||||
dep in the base OS image)
|
||||
|
||||
* sysext: automatically activate sysext images dropped in via new sd-stub
|
||||
sysext pickup logic. (must insist on verity + signature on those though)
|
||||
|
||||
* add concept for "exitrd" as inverse of "initrd", that we can transition to at
|
||||
shutdown, and has similar security semantics. This should then take the place
|
||||
of dracut's shutdown logic. Should probably support sysexts too. Care needs
|
||||
|
|
@ -1078,22 +1069,6 @@ Features:
|
|||
keys of /etc/crypttab. That way people can store/provide the roothash
|
||||
externally and provide to us on demand only.
|
||||
|
||||
* add high-level lockdown level for GPT dissection logic: e.g. an enum that can
|
||||
be ANY (to mount anything), TRUSTED (to require that /usr is on signed
|
||||
verity, but rest doesn't matter), LOCKEDDOWN (to require that everything is
|
||||
on signed verity, except for ESP), SUPERLOCKDOWN (like LOCKEDDOWN but ESP not
|
||||
allowed). And then maybe some flavours of that that declare what is expected
|
||||
from home/srv/var… Then, add a new cmdline flag to all tools that parse such
|
||||
images, to configure this. Also, add a kernel cmdline option for this, to be
|
||||
honoured by the gpt auto generator.
|
||||
|
||||
Alternative idea: add "systemd.gpt_auto_policy=rhvs" to allow gpt-auto to
|
||||
only mount root dir, /home/ dir, /var/ and /srv/, but nothing else. And then
|
||||
minor extension to this, insisting on encryption, for example
|
||||
"systemd.gpt_auto_policy=r+v+h" to require encryption for root and var but not
|
||||
for /home/, and similar. Similar add --image-dissect-policy= to tools that
|
||||
take --image= that take the same short string.
|
||||
|
||||
* we probably should extend the root verity hash of the root fs into some PCR
|
||||
on boot. (i.e. maybe add a veritytab option tpm2-measure=12 or so to measure
|
||||
it into PCR 12); Similar: we probably should extend the LUKS volume key of
|
||||
|
|
@ -1106,10 +1081,6 @@ Features:
|
|||
(i.e. sysext, root verity) from those inherently local (i.e. encryption key),
|
||||
which is useful if they shall be signed separately.
|
||||
|
||||
* add a "policy" to the dissection logic. i.e. a bit mask what is OK to mount,
|
||||
what must be read-only, what requires encryption, and what requires
|
||||
authentication.
|
||||
|
||||
* in uefi stub: query firmware regarding which PCR banks are being used, store
|
||||
that in EFI var. then use this when enrolling TPM2 in cryptsetup to verify
|
||||
that the selected PCRs actually are used by firmware.
|
||||
|
|
|
|||
Loading…
Reference in a new issue