diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-10-14 21:21:46 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-01-17 09:42:16 +0100 |
commit | a67a50e8f4a3d19713fe9b84653616fcba5ae14c (patch) | |
tree | 4a4687719582ff2dbf052fd85805706565e65adf /TODO | |
parent | f44ed151c6c203f01a9fe8623b282ecd4ef2e0a9 (diff) | |
download | systemd-a67a50e8f4a3d19713fe9b84653616fcba5ae14c.tar.gz |
update TODO
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -451,9 +451,8 @@ Features: and via the time window TPM logic invalidated if node doesn't keep itself updated, or becomes corrupted in some way. -* Always measure the LUKS rootfs volume key into PCR 15, and derive the machine - ID from it securely. This would then allow us to bind secrets a specific - system securely. +* in the initrd, once the rootfs encryption key has been measured to PCR 15, + derive default machine ID to use from it, and pass it to host PID 1. * tree-wide: convert as much as possible over to use sd_event_set_signal_exit(), instead of manually hooking into SIGINT/SIGTERM |