update TODO

2024-07-08 20:15:55 +00:00 · 2022-10-14 21:21:46 +02:00 · 2022-10-14 21:21:46 +02:00 · a67a50e8f4
commit a67a50e8f4
parent f44ed151c6
1 changed files with 2 additions and 3 deletions
--- a/5
+++ b/5
@ -451,9 +451,8 @@ Features:
  and via the time window TPM logic invalidated if node doesn't keep itself
  updated, or becomes corrupted in some way.

-* Always measure the LUKS rootfs volume key into PCR 15, and derive the machine
-  ID from it securely. This would then allow us to bind secrets a specific
-  system securely.
+* in the initrd, once the rootfs encryption key has been measured to PCR 15,
+  derive default machine ID to use from it, and pass it to host PID 1.

 * tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
  of manually hooking into SIGINT/SIGTERM