mirror of
https://github.com/systemd/systemd
synced 2024-07-08 20:15:55 +00:00
update TODO
This commit is contained in:
Lennart Poettering
parent
7704c3474d
commit
fd40e7da6e
36
TODO
36
TODO
|
|
@ -142,6 +142,24 @@ Features:
|
|||
|
||||
* ditto: rewrite bpf-firewall in libbpf/C code
|
||||
|
||||
* credentials: if we ever acquire a secure way to derive cgroup id of socket
|
||||
peers (i.e. SO_PEERCGROUPID), then extend the "scoped" credential logic to
|
||||
allow cgroup-scoped (i.e. app or service scoped) credentials. Then, as next
|
||||
step use this to implement per-app/per-service encrypted directories, where
|
||||
we set up fscrypt on the StateDirectory= with a randomized key which is
|
||||
stored as xattr on the directory, encrypted as a credential.
|
||||
|
||||
* credentials: optionally include a per-user secret in scoped user-credential
|
||||
encryption keys. should come from homed in some way, derived from the luks
|
||||
volume key or fscrypt directory key.
|
||||
|
||||
* credentials: add a flag to the scoped credentials that if set require PK
|
||||
reauthentication when unlocking a secret.
|
||||
|
||||
* teach systemd --user to properly load credentials off disk, with
|
||||
/etc/credstore equivalent and similar. Mkae sure that $CREDENTIALS_DIRECTORY=
|
||||
actually works too when run with user privs.
|
||||
|
||||
* extend the smbios11 logic for passing credentials so that instead of passing
|
||||
the credential data literally it can also just reference an AF_VSOCK CID/port
|
||||
to read them from. This way the data doesn't remain in the SMBIOS blob during
|
||||
|
|
@ -169,23 +187,11 @@ Features:
|
|||
* use udev rule networkd ownership property to take ownership of network
|
||||
interfaces nspawn creates
|
||||
|
||||
* support encrypted credentials in user context too. This is complicated by the
|
||||
fact that the user does not have access to the TPM nor the system
|
||||
credential. Implementation idea: extend the systemd-creds Varlink interface
|
||||
to allow this: user must supply some per-user secret, that we'll include in
|
||||
the encryption key.
|
||||
|
||||
* add a kernel cmdline switch (and cred?) for marking a system to be
|
||||
"headless", in which case we never open /dev/console for reading, only for
|
||||
writing. This would then mean: systemd-firstboot would process creds but not
|
||||
ask interactively, getty would not be started and so on.
|
||||
|
||||
* extend mime database with mime types for:
|
||||
- journal files
|
||||
- credential files
|
||||
- hwdb files
|
||||
- catalog files
|
||||
|
||||
* cryptsetup: new crypttab option to auto-grow a luks device to its backing
|
||||
partition size. new crypttab option to reencrypt a luks device with a new
|
||||
volume key.
|
||||
|
|
@ -689,10 +695,6 @@ Features:
|
|||
- If run on every boot, should it use the sysupdate config from the host on
|
||||
subsequent boots?
|
||||
|
||||
* provide an API (probably IPC) to apps to encrypt/decrypt
|
||||
credentials. use case: allow bluez bluetooth daemon to pass pairings to initrd
|
||||
that way, without shelling out to our tools.
|
||||
|
||||
* revisit default PCR bindings in cryptenroll and systemd-creds. Currently they
|
||||
use PCR 7 which should contain secureboot state db/dbx. Which sounded like a
|
||||
safe bet, given that it should change only on policy changes, and not
|
||||
|
|
@ -1323,8 +1325,6 @@ Features:
|
|||
wireguard)
|
||||
- make gatewayd/remote read key via creds logic
|
||||
- add sd_notify() command for flushing out creds not needed anymore
|
||||
- make user manager instances create and use a user-specific key (the one in
|
||||
/var/lib is root-only) and add --user switch to systemd-creds to use it
|
||||
|
||||
* TPM2: auto-reenroll in cryptsetup, as fallback for hosed firmware upgrades
|
||||
and such
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user