update TODO

author: Lennart Poettering <lennart@poettering.net> 2022-10-14 11:32:43 +0200
committer: Lennart Poettering <lennart@poettering.net> 2022-10-14 11:33:17 +0200
commit: 4554c178bf07ded86f9f3982f26e87afd1caf0f4 (patch)
tree: efe01420b0ed456f8681d87308d33da908185c85
parent: 73bf6859cb1b356cc6bb63e624b8be88dc224d49 (diff)
download: systemd-4554c178bf07ded86f9f3982f26e87afd1caf0f4.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/TODO b/TODO
index 642c596945..d4e21a7cbf 100644
--- a/TODO
+++ b/TODO
@@ -119,6 +119,12 @@ Deprecations and removals:
 
 Features:
 
+* We should start measuring all services, containers, and system extensions we
+  activate. probably into PCR 13. i.e. add --tpm2-measure-pcr= or so to
+  systemd-nspawn, and MeasurePCR= to unit files. Should contain a measurement
+  of the activated configuration and the image that is being activated (in case
+  verity is used, hash of the root hash).
+
 * whenever we measure something into a TPM PCR from userspace, write a record in
   TCG's "Canonical Event Log" format to some file, so that we can reason about
   how PCR values we manage came to
author	Lennart Poettering <lennart@poettering.net>	2022-10-14 11:32:43 +0200
committer	Lennart Poettering <lennart@poettering.net>	2022-10-14 11:33:17 +0200
commit	4554c178bf07ded86f9f3982f26e87afd1caf0f4 (patch)
tree	efe01420b0ed456f8681d87308d33da908185c85
parent	73bf6859cb1b356cc6bb63e624b8be88dc224d49 (diff)
download	systemd-4554c178bf07ded86f9f3982f26e87afd1caf0f4.tar.gz