From 1d679b208d982bd5b8ba893981774cac5959b4b4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 17 Nov 2022 16:35:12 +0100 Subject: Update NEWS and TODO with sd-boot random seed developments --- NEWS | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 86a9938670..4868748a3e 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,25 @@ systemd System and Service Manager +CHANGES WITH 253 in spe: + + Changes in sd-boot, bootctl, and the Boot Loader Specification: + + * systemd-boot now passes its random seed directly to the kernel's RNG + via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which + means the RNG gets seeded very early in boot before userspace has + started. + + * systemd-boot will pass a random seed when secure boot is enabled if + it can additionally get a random seed from EFI itself, via EFI's RNG + protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a + preceding bootloader. + + * The random seed stored in ESP is now refreshed whenever + systemd-random-seed.service is run. + + * systemd-boot handles various seed inputs using a domain- and + field-separated hashing scheme. + CHANGES WITH 252 🎃: Announcements of Future Feature Removals: -- cgit v1.2.1
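Review bot: In the second bullet of the new "CHANGES WITH 253 in spe" block, "if it can additionally get a random seed from EFI itself" states only the positive case, so a reader has to infer what happens under secure boot when neither EFI's RNG protocol nor a prior LINUX_EFI_RANDOM_SEED_TABLE_GUID entry is available. If the intent is that no seed is passed to the kernel in that situation, say so in the entry, since that is the behaviour an administrator with secure boot enabled needs to know. It would also help to state which seed "additionally" refers to; presumably it is the one stored in the ESP, but that is only named in the following bullet. The last bullet, "a domain- and field-separated hashing scheme", names neither the hash nor the inputs being combined. Listing the inputs, or pointing to where the scheme is documented, would let readers check what actually feeds the seed. Minor: "stored in ESP" in the third bullet reads better as "stored in the ESP".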