diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2023-02-15 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2023-02-15 10:41:03 +0000 |
| commit | 30fd9a2dabb81cf7b65aba48b684f1178d9fd879 (patch) | |
| tree | 8aac1819f81a8807177371c2153064dc7a974d75 /TODO | |
| parent | 8d3473f01d7ccdbc456f56c7797f4d164f5eb7a0 (diff) | |
| download | systemd-30fd9a2dabb81cf7b65aba48b684f1178d9fd879.tar.gz | |
treewide: fix a few typos in NEWS, docs and comments
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -209,7 +209,7 @@ Features: * in journald: whenever we start a new journal file because the boot ID changed, let's generate a recognizable log record containing info about old - and new new ID. Then, when displaying log stream in journalctl look for these + and new ID. Then, when displaying log stream in journalctl look for these records, to be able to order them. * timesyncd: when saving/restoring clock try to take boot time into account. @@ -744,11 +744,11 @@ Features: protections of the root OS are weakened after interactive confirmation, to allow hackers to allow their own stuff. idea: allow entering developer mode only via explicit choice in boot menu: i.e. add explicit boot menu item for - it. when developer mode is entered generate a key pair in the TPM2, and add + it. When developer mode is entered, generate a key pair in the TPM2, and add the public part of it automatically to keychain of valid code signature keys on subsequent boots. Then provide a tool to sign code with the key in the - TPM2. Ensure that boot menu item is only way to enter developer mode, by - binding it to locality/PCRs so that that keys cannot be generated otherwise. + TPM2. Ensure that boot menu item is the only way to enter developer mode, by + binding it to locality/PCRs so that keys cannot be generated otherwise. * services: add support for cryptographically unlocking per-service directories via TPM2. Specifically, for StateDirectory= (and related dirs) use fscrypt to @@ -996,7 +996,7 @@ Features: mounted from host. maybe put this in systemd-user-sessions.service? * drop dependency on libcap, replace by direct syscalls based on - CapabilityQuintet we already have. (This likely allows us drop drop libcap + CapabilityQuintet we already have. (This likely allows us to drop libcap dep in the base OS image) * sysext: automatically activate sysext images dropped in via new sd-stub @@ -1144,7 +1144,7 @@ Features: * credentials system: - acquire from EFI variable? - - acquire via via ask-password? + - acquire via ask-password? - acquire creds via keyring? - pass creds via keyring? - pass creds via memfd? |