From da3ab57cbc7915031362744ce646b3c40eb1b9a8 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 4 Oct 2021 10:31:04 +0200 Subject: update TODO --- TODO | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'TODO') diff --git a/TODO b/TODO index e75d6fba6f..e54d5447fd 100644 --- a/TODO +++ b/TODO @@ -83,6 +83,11 @@ Janitorial Clean-ups: Features: +* /etc/veritytab: allow that the roothash column can be specified as fs path + including a path to an AF_UNIX path, similar to how we do things with the + keys of /etc/crypttab. That way people can store/provide the roothash + externally and provide to us on demand only. + * add high-level lockdown level for GPT dissection logic: e.g. an enum that can be ANY (to mount anything), TRUSTED (to require that /usr is on signed verity, but rest doesn't matter), LOCKEDDOWN (to require that everything is -- cgit v1.2.1