update TODO

author: Lennart Poettering <lennart@poettering.net> 2022-10-14 21:21:46 +0200
committer: Lennart Poettering <lennart@poettering.net> 2023-01-17 09:42:16 +0100
commit: a67a50e8f4a3d19713fe9b84653616fcba5ae14c (patch)
tree: 4a4687719582ff2dbf052fd85805706565e65adf /TODO
parent: f44ed151c6c203f01a9fe8623b282ecd4ef2e0a9 (diff)
download: systemd-a67a50e8f4a3d19713fe9b84653616fcba5ae14c.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/TODO b/TODO
index d95cbfaeb7..e78cfa1596 100644
--- a/TODO
+++ b/TODO
@@ -451,9 +451,8 @@ Features:
   and via the time window TPM logic invalidated if node doesn't keep itself
   updated, or becomes corrupted in some way.
 
-* Always measure the LUKS rootfs volume key into PCR 15, and derive the machine
-  ID from it securely. This would then allow us to bind secrets a specific
-  system securely.
+* in the initrd, once the rootfs encryption key has been measured to PCR 15,
+  derive default machine ID to use from it, and pass it to host PID 1.
 
 * tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead
   of manually hooking into SIGINT/SIGTERM
author	Lennart Poettering <lennart@poettering.net>	2022-10-14 21:21:46 +0200
committer	Lennart Poettering <lennart@poettering.net>	2023-01-17 09:42:16 +0100
commit	a67a50e8f4a3d19713fe9b84653616fcba5ae14c (patch)
tree	4a4687719582ff2dbf052fd85805706565e65adf /TODO
parent	f44ed151c6c203f01a9fe8623b282ecd4ef2e0a9 (diff)
download	systemd-a67a50e8f4a3d19713fe9b84653616fcba5ae14c.tar.gz