update TODO

author: Lennart Poettering <lennart@poettering.net> 2021-10-04 10:31:04 +0200
committer: Lennart Poettering <lennart@poettering.net> 2021-10-07 15:43:24 +0200
commit: da3ab57cbc7915031362744ce646b3c40eb1b9a8 (patch)
tree: 35ed451e63e59eeeab08b9867e9af215227d6594 /TODO
parent: 4c737f4ef1e519652f0a04ca68602f82525e47a7 (diff)
download: systemd-da3ab57cbc7915031362744ce646b3c40eb1b9a8.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/TODO b/TODO
index e75d6fba6f..e54d5447fd 100644
--- a/TODO
+++ b/TODO
@@ -83,6 +83,11 @@ Janitorial Clean-ups:
 
 Features:
 
+* /etc/veritytab: allow that the roothash column can be specified as fs path
+  including a path to an AF_UNIX path, similar to how we do things with the
+  keys of /etc/crypttab. That way people can store/provide the roothash
+  externally and provide to us on demand only.
+
 * add high-level lockdown level for GPT dissection logic: e.g. an enum that can
   be ANY (to mount anything), TRUSTED (to require that /usr is on signed
   verity, but rest doesn't matter), LOCKEDDOWN (to require that everything is
author	Lennart Poettering <lennart@poettering.net>	2021-10-04 10:31:04 +0200
committer	Lennart Poettering <lennart@poettering.net>	2021-10-07 15:43:24 +0200
commit	da3ab57cbc7915031362744ce646b3c40eb1b9a8 (patch)
tree	35ed451e63e59eeeab08b9867e9af215227d6594 /TODO
parent	4c737f4ef1e519652f0a04ca68602f82525e47a7 (diff)
download	systemd-da3ab57cbc7915031362744ce646b3c40eb1b9a8.tar.gz