From 9ef6330e1704f872d8cae0a44d3cd729dfc14a4e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 18 Oct 2022 12:08:53 +0200 Subject: update TODO --- TODO | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'TODO') diff --git a/TODO b/TODO index 42925feacd..de634330ae 100644 --- a/TODO +++ b/TODO @@ -119,6 +119,21 @@ Deprecations and removals: Features: +* dissection policy should enforce that unlocking can only take place by + certain means, i.e. only via pw, only via tpm2, or only via fido, or a + combination thereof. + +* make the systemd-repart "seed" value provisionable via credentials, so that + confidential computing environments can set it and deterministically + enforce the uuids for partitions created, so that they can calculate PCR 15 + ahead of time. + +* systemd-repart: also derive the volume key from the seed value, for the + aforementioned purpose. + +* in the initrd: derive the default machine ID to pass to the host PID 1 via + $machine_id from the same seed credential. + * Add systemd-sysupdate-initrd.service or so that runs systemd-sysupdate in the initrd to bootstrap the initrd to populate the initial partitions. Some things to figure out: @@ -126,6 +141,10 @@ Features: - If run on every boot, should it use the sysupdate config from the host on subsequent boots? +* hook up journald with TPMs? measure new journal records to the TPM in regular + intervals, validate the journal against current TPM state with that. (taking + inspiration from IMA log) + * provide an API to apps to encrypt/decrypt credentials. usecase: allow bluez bluetooth daemon to pass pairings to initrd that way, without shelling out to our tools. -- cgit v1.2.1
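Review bot: In the first hunk (@@ -119,6 +119,21 @@), the three seed-related items derive partition UUIDs, the volume key and the default machine ID from the same seed credential, but none of them says how the derived values are kept separate or that the seed becomes secret material once a volume key depends on it. Partition UUIDs and $machine_id are visible values, while the volume key is not, so the "also derive the volume key from the seed value" item should note that each value needs its own derivation label and that the seed must be handled as a secret from then on. Smaller style point in the dissection policy item: "pw" is better spelled out as "password", to match "tpm2" and "fido", which name concrete mechanisms.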
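Review bot: In the second hunk (@@ -126,6 +141,10 @@), the journald item says "measure new journal records to the TPM in regular intervals" without saying what happens to records written after the most recent measurement, which would not be covered when the journal is validated "against current TPM state". Suggest the entry state whether validation is expected to cover only the records up to the last measured one, or whether the tail is handled in some other way. The entry also opens as a question ("hook up journald with TPMs?"), so it would help to mark it as an open idea rather than a planned feature if that is the intent.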