diff --git a/TODO b/TODO
index e75d6fba6f..e54d5447fd 100644
--- a/TODO
+++ b/TODO
@@ -83,6 +83,11 @@ Janitorial Clean-ups:
 
 Features:
 
+* /etc/veritytab: allow that the roothash column can be specified as fs path
+  including a path to an AF_UNIX path, similar to how we do things with the
+  keys of /etc/crypttab. That way people can store/provide the roothash
+  externally and provide to us on demand only.
+
 * add high-level lockdown level for GPT dissection logic: e.g. an enum that can
   be ANY (to mount anything), TRUSTED (to require that /usr is on signed
   verity, but rest doesn't matter), LOCKEDDOWN (to require that everything is