author | Lennart Poettering <lennart@poettering.net> | 2022-10-18 12:08:53 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2022-10-18 12:10:02 +0200 |
commit | 9ef6330e1704f872d8cae0a44d3cd729dfc14a4e (patch) | |
tree | b0301bed787596830ac46366d64360c6ef2ed140 | |
parent | Merge pull request #25004 from keszybz/transient-drop-ins (diff) | |
download | systemd-9ef6330e1704f872d8cae0a44d3cd729dfc14a4e.tar.xz systemd-9ef6330e1704f872d8cae0a44d3cd729dfc14a4e.zip |
update TODO
-rw-r--r-- | TODO | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -119,6 +119,21 @@ Deprecations and removals: Features: +* dissection policy should enforce that unlocking can only take place by + certain means, i.e. only via pw, only via tpm2, or only via fido, or a + combination thereof. + +* make the systemd-repart "seed" value provisionable via credentials, so that + confidential computing environments can set it and deterministically + enforce the uuids for partitions created, so that they can calculate PCR 15 + ahead of time. + +* systemd-repart: also derive the volume key from the seed value, for the + aforementioned purpose. + +* in the initrd: derive the default machine ID to pass to the host PID 1 via + $machine_id from the same seed credential. + * Add systemd-sysupdate-initrd.service or so that runs systemd-sysupdate in the initrd to bootstrap the initrd to populate the initial partitions. Some things to figure out: @@ -126,6 +141,10 @@ Features: - If run on every boot, should it use the sysupdate config from the host on subsequent boots? +* hook up journald with TPMs? measure new journal records to the TPM in regular + intervals, validate the journal against current TPM state with that. (taking + inspiration from IMA log) + * provide an API to apps to encrypt/decrypt credentials. usecase: allow bluez bluetooth daemon to pass pairings to initrd that way, without shelling out to our tools. |
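Review bot: In the first hunk (@@ -119,6 +119,21 @@), the three seed items derive partition UUIDs, the volume key and the default machine ID from the same seed credential, but nothing says how the derivations are kept apart. UUIDs and the machine ID are visible to anyone who can read the disk or the running system, while the volume key is a secret. The items should state that each value is derived one-way with its own label, so that knowing a UUID or the machine ID reveals nothing about the volume key, and that the seed itself has to be handled as a secret once the key depends on it. As a smaller point, "pw" in the dissection policy item would read better spelled out as "password", matching "tpm2" and "fido" as named mechanisms.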
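Review bot: In the second hunk (@@ -126,6 +141,10 @@), the journald item says records are measured "in regular intervals" and validated "against current TPM state", which leaves two gaps worth writing down in the TODO. Records written after the last measurement are not covered by any PCR value, so the item should say how that tail is treated during validation. PCRs are reset on reboot, so "current TPM state" can only vouch for the current boot's journal; the item should say whether journals from earlier boots are in scope and, if so, what is kept to validate them. Naming the PCR intended for this would also help, as the repart item above does with PCR 15.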