mirror of
https://github.com/systemd/systemd
synced 2024-10-06 16:21:34 +00:00
update TODO
This commit is contained in:
parent
a02c1239cc
commit
3fc0688d42
8
TODO
8
TODO
|
@ -83,6 +83,14 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* we probably should extend the root verity hash of the root fs into some PCR
|
||||||
|
on boot. (i.e. maybe add a crypttab option tpm2-measure=8 or so to measure it
|
||||||
|
into PCR 8)
|
||||||
|
|
||||||
|
* add a "policy" to the dissection logic. i.e. a bit mask what is OK to mount,
|
||||||
|
what must be read-only, what requires encryption, and what requires
|
||||||
|
authentication.
|
||||||
|
|
||||||
* in uefi stub: query firmware regarding which PCRs are being used, store that
|
* in uefi stub: query firmware regarding which PCRs are being used, store that
|
||||||
in EFI var. then use this when enrolling TPM2 in cryptsetup to verify that
|
in EFI var. then use this when enrolling TPM2 in cryptsetup to verify that
|
||||||
the selected PCRs actually are used by firmware.
|
the selected PCRs actually are used by firmware.
|
||||||
|
|
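Review bot: the first added item says "some PCR" but its only example pins the index twice ("tpm2-measure=8", "into PCR 8") without saying why 8 or whether another boot component already extends that PCR. A PCR shared with other measurements is harder to predict when sealing against it, so the entry should say that the index is meant to be configurable and point at the existing item below about checking which PCRs the firmware actually uses. In the "policy" item, "a bit mask what is OK to mount" is missing an "of", and the entry does not say whether a partition that violates the mask is skipped or makes the dissection fail. One line on the intended failure behaviour would make the item actionable.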