From bbe29ca29b60ca264309d2c7f879afe49518e279 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 14 Jul 2022 16:14:11 +0200 Subject: [PATCH] update TODO --- TODO | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/TODO b/TODO index 8aa68d841e..2ef618dda9 100644 --- a/TODO +++ b/TODO @@ -79,6 +79,11 @@ Janitorial Clean-ups: Features: +* journald: generate recognizable log events whenever we shutdown journald + cleanly, and when we migrate run → var. This way tools can verify that a + previous boot terminated cleanly, because either of these two messages must + be safely written to disk, then. + * systemd-creds: extend encryption logic to support asymmetric encryption/authentication. Idea: add new verb "systemd-creds public-key" which generates a priv/pub key pair on the TPM2 and stores the priv key @@ -92,6 +97,9 @@ Features: the dropped in certs and encrypted with machine pubkey, and pass to machine. Machine is then able to authenticate you, and confidentiality is guaranteed. +* building on top of the above, the pub/priv key pair generated on the TPM2 + should probably also one you can use to get a remote attestation quote. + * bootctl: add "gc" verb that loads all type #1 .conf files, and then removes all files from the set of files from the ESP/XBOOTLDR matching the entry token that are not referenced by any. Then, change kernel-install to use only @@ -109,6 +117,10 @@ Features: * run-generator: allow defining additional commands to run via a credential +* resolved: allow defining additional /etc/hosts entries via a credential (it + might make sense to then synthesize a new combined /etc/hosts file in /run + and bind mount it on /etc/hosts for other clients that want to read it. + * define a JSON format for units, separating out unit definitions from unit runtime state. Then, expose it: