mirror of
https://github.com/systemd/systemd
synced 2024-07-21 02:05:05 +00:00
update TODO
parent
61ade25782
commit
98045d12f6
18
TODO
|
@ -78,6 +78,24 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* TPM2: add auth policy for signed PCR values to make updates easy. i.e. do
|
||||||
|
what tpm2_policyauthorize tool does. To be truly useful scheme needs to be a
|
||||||
|
bit more elaborate though: policy probably must take some nvram based
|
||||||
|
generation counter into account that can only monotonically increase and can
|
||||||
|
be used to invalidate old PCR signatures. Otherwise people could downgrade to
|
||||||
|
old signed PCR sets whenever they want. Usecase: encrypt the rootfs with LUKS
|
||||||
|
with a key that can only be unlocked via a pristine pre-built Fedora
|
||||||
|
kernel+initrd.
|
||||||
|
|
||||||
|
* update HACKING.md to suggest developing systemd with the ideas from:
|
||||||
|
https://0pointer.net/blog/testing-my-system-code-in-usr-without-modifying-usr.html
|
||||||
|
https://0pointer.net/blog/running-an-container-off-the-host-usr.html
|
||||||
|
|
||||||
|
* add a clear concept how the initrd can make up credentials on their own to
|
||||||
|
pass to the system when transitioning into the host OS. usecase: things like
|
||||||
|
cloud-init/ignitation and similar can parameterize the host with data they
|
||||||
|
acquire.
|
||||||
|
|
||||||
* Add ConditionCredentialExists= or so, that allows conditionalizing services
|
* Add ConditionCredentialExists= or so, that allows conditionalizing services
|
||||||
depending on whether a specific system credential is set. Usecase: a service
|
depending on whether a specific system credential is set. Usecase: a service
|
||||||
similar to the ssh keygen service that installs any SSH host key supplied via
|
similar to the ssh keygen service that installs any SSH host key supplied via
|
||||||
|
|
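Review bot: The added TPM2 entry names downgrade to old signed PCR sets as the risk but leaves open who advances the NVRAM generation counter and at what point, and it only says the policy "probably must" take the counter into account. Since the rollback protection is what makes the signed-PCR scheme safe to use for the LUKS rootfs use case it describes, consider stating the counter check as a requirement and adding a line on how the counter is bumped when an old signature is to be invalidated. Two wording points in the same hunk: "cloud-init/ignitation" in the initrd credentials entry looks like a typo for Ignition, and "Usecase:" / "usecase:" are capitalized inconsistently between the new entries.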