diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-04-14 16:20:45 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-04-20 17:49:17 +0200 |
| commit | fe43a638c5e7d95ef694045be4303a53d1366d9b (patch) | |
| tree | 9d9b4f5d92e1f8f3cdcb390e1fc899aff2b3fdf7 /TODO | |
| parent | creds-util: permit credentials encrypted/signed by fixed zero length keys as ... (diff) | |
| download | systemd-fe43a638c5e7d95ef694045be4303a53d1366d9b.tar.xz systemd-fe43a638c5e7d95ef694045be4303a53d1366d9b.zip | |
update TODO
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 6 |
1 files changed, 0 insertions, 6 deletions
@@ -114,12 +114,6 @@ Features: - sd-stub: automatically pick up microcode from ESP (/loader/microcode/*) and synthesize initrd from it, and measure it. Signing is not necessary, as microcode does that on its own. Pass as first initrd to kernel. - - systemd-creds should have a fallback logic that uses neither TPM nor the - system key in /var for encryption and instead some fixed key. This should - be opt in (since it provides no security properties) but be used by - kernel-install when encrypting the creds it generates on systems that lack - a TPM, so that we can have very similar codepaths on TPM and TPM-less - systems. i.e. --with-key=tpm-graceful or so. - sd-stub should measure the kernel/initrd/… into a separate PCR, so that we have one PCR we can bind the encrypted creds to that is not effected by anything else but what we drop in via kernel-install, i.e. by earlier EFI |