mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
update TODO
This commit is contained in:
parent
1aad75efdf
commit
0fde330d66
13
TODO
@ -79,6 +79,19 @@ Janitorial Clean-ups:
Features:
* systemd-creds: extend encryption logic to support asymmetric
encryption/authentication. Idea: add new verb "systemd-creds public-key"
which generates a priv/pub key pair on the TPM2 and stores the priv key
locally in /var. It then outputs a certificate for the pub part to stdout.
This can then be copied/taken elsewhere, and can be used for encrypting creds
that only the host on its specific hw can decrypt. Then, support a drop-in
dir with certificates that can be used to authenticate credentials. Flow of
operations is then this: build image with owner certificate, then after
boot up issue "systemd-creds public-key" to acquire pubkey of the machine.
Then, when passing data to the machine, sign with privkey belonging to one of
the dropped in certs and encrypted with machine pubkey, and pass to machine.
Machine is then able to authenticate you, and confidentiality is guaranteed.
* bootctl: add "gc" verb that loads all type #1 .conf files, and then removes
all files from the set of files from the ESP/XBOOTLDR matching the entry
token that are not referenced by any. Then, change kernel-install to use only
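Review bot: the systemd-creds item ("sign with privkey belonging to one of the dropped in certs and encrypted with machine pubkey") does not say what the signature covers or in which order the two operations are applied; if the signature is over the plaintext and the encryption is a separate outer layer, the machine can only conclude that the signer once signed this credential, not that it was addressed to this machine, so the TODO should record that the signed data must bind the recipient (for example by signing the ciphertext, or by including the machine's public key or certificate in the signed payload) before "Machine is then able to authenticate you" holds. The same item says "stores the priv key locally in /var" right after generating the pair "on the TPM2"; it would be clearer to state that what lands in /var is the TPM2-wrapped key blob rather than a usable private key, since that is the property "only the host on its specific hw can decrypt" depends on. Finally, because the flow starts with "build image with owner certificate", the note should say the drop-in dir of authenticating certificates is read only from the image and not from a location writable by the same channel that delivers the credentials, otherwise the trust anchor and the untrusted input share a writer.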