Update NEWS and TODO with sd-boot random seed developments

author: Jason A. Donenfeld <Jason@zx2c4.com> 2022-11-17 16:35:12 +0100
committer: Luca Boccassi <luca.boccassi@gmail.com> 2022-11-17 18:15:04 +0100
commit: 1d679b208d982bd5b8ba893981774cac5959b4b4 (patch)
tree: dcd2bdd69bf2b9108e9f8fa7325461d909444453 /NEWS
parent: fa4c01933d16f54444ec66271510b4c18a9501a8 (diff)
download: systemd-1d679b208d982bd5b8ba893981774cac5959b4b4.tar.gz
1 files changed, 20 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 86a9938670..4868748a3e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,25 @@
 systemd System and Service Manager
 
+CHANGES WITH 253 in spe:
+
+        Changes in sd-boot, bootctl, and the Boot Loader Specification:
+
+	* systemd-boot now passes its random seed directly to the kernel's RNG
+	  via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
+	  means the RNG gets seeded very early in boot before userspace has
+	  started.
+
+	* systemd-boot will pass a random seed when secure boot is enabled if
+	  it can additionally get a random seed from EFI itself, via EFI's RNG
+	  protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
+	  preceding bootloader.
+
+	* The random seed stored in ESP is now refreshed whenever
+	  systemd-random-seed.service is run.
+
+	* systemd-boot handles various seed inputs using a domain- and
+	  field-separated hashing scheme.
+
 CHANGES WITH 252 🎃:
 
         Announcements of Future Feature Removals:
author	Jason A. Donenfeld <Jason@zx2c4.com>	2022-11-17 16:35:12 +0100
committer	Luca Boccassi <luca.boccassi@gmail.com>	2022-11-17 18:15:04 +0100
commit	1d679b208d982bd5b8ba893981774cac5959b4b4 (patch)
tree	dcd2bdd69bf2b9108e9f8fa7325461d909444453 /NEWS
parent	fa4c01933d16f54444ec66271510b4c18a9501a8 (diff)
download	systemd-1d679b208d982bd5b8ba893981774cac5959b4b4.tar.gz