mirror of https://github.com/systemd/systemd-stable.git
synced 2025-01-05 09:17:44 +03:00
update TODO
parent ecf4be2952
commit 1c904337a2
TODO
@ -129,7 +129,43 @@ Deprecations and removals:
Features:
* tmpfiles snippet that locks down /etc/credstore/ and friends, just in case.
* in order to make binding to PCR 4 realistic:
- generate one keypair "U" and store it in a tpm2 nvindex.
- Generate another keypair "P" and store it in a second tpm2 nvindex.
- allocate a persistent counter object "C" in the tpm2
- Enroll all user objects (i.e. luks volumes, creds, …) to a tpm2 policy
signed by U.
- Lock both U and P down with a tpm2 policy signed by P (yes, P can only be
used if a signature by P itself can be provided)
- For regular reboots generate a signature for a restrictive PCR4 + counter C
based policy with key P. Place signature in EFI var, so it can be found on
next boot
- For reboots where a firmware update is expected generate a signature with a
more open policy against just counter C. Place signature in same EFI var.
- Increase C whenever switching between these two signature types.
- During early boot, use the signature from the EFI var to unlock U and P.
Use it to generate a signature for unlocking user objects given the current
PCR 4 value, store that away into /run somewhere, for user during the whole
later boot.
- When booting up automatically update the mentioned efi var so that it
contains the restrictive signature. But also generate a signature ahead of
time that could be used in case during the current boot we later detect we might
need to reboot for a firmware update. Store that in /run somewhere, so that
it can be placed in the EFI var, if needed.
* repart/gpt-auto/DDIs: maybe introduce a concept of "extension" partitions,
that have a new type uuid and can "extend" earlier partitions, to work around
the fact that systemd-repart can only grow the last partition defined. During
activation we'd simply set up a dm-linear mapping to merge them again. A
partition that is to be extended would just set a bit in the partition flags
field to indicate that there's another extension partition to look for. The
identifiying UUID of the extension partition would be hashed in counter mode
from the uuid of the original partition it extends. Inspiration for this is
the "dynamic partitions" concept of new Android. This would be a minimalistic
concept of a volume manager, with the extents it manages being exposes as GPT
partitions. I a partition is extended multiple times they should probably
grow exponentially in size to ensure O(log(n)) time for finding them on
access.
* split out execute.c into new "systemd-executor" binary. Then make PID 1 fork
that off via vfork(), and then let that executor do the hard work. Ultimately
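Review bot: in the PCR 4 binding item, the step "Increase C whenever switching between these two signature types" does not say what authorizes the increment of counter C or which component performs it, and nothing in the list states how the very first P-signed signature is produced at enrollment given that "P can only be used if a signature by P itself can be provided"; add a line for each so the bootstrap and the counter authorization are not left to the reader. The added lines also carry several typos worth fixing before merge: "for user during the whole later boot" should read "for use during", "identifiying" should be "identifying", "I a partition is extended" should be "If a partition is extended", and "being exposes as GPT partitions" should be "being exposed".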
@ -198,7 +234,7 @@ Features:
See discussion at https://github.com/authselect/authselect/pull/311
* sd-boot: make boot loader spec type #1 accept http urls in "linux"
lines. THen, do the uefi http dance to download kernels and boot them. This
lines. Then, do the uefi http dance to download kernels and boot them. This
is then useful for network boot, by embdedding a cpio with type #1 snippets
in sd-boot, which reference remote kernels.
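Review bot: the only change here is "THen" to "Then", but the next context line keeps "by embdedding a cpio with type #1 snippets"; fix "embdedding" to "embedding" in the same pass rather than leaving one typo behind.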
@ -321,14 +357,6 @@ Features:
be included as much as PCR 7 (as it contains shim's policy, which is
certainly as relevant as PCR 7 on many systems)
* move discoverable partition spec and boot loader spec over to uapi group
* maybe measure UUIDs of important mounted file systems (after mount, via the
new ioctls to query them) into PCR 15? Add "x-systemd.measure-pcr=" or so for
this that pulls in a per mount service?
* measure /etc/machine-id during early boot into PCR 15?
* To mimic the new tpm2-measure-pcr= crypttab option add the same to veritytab
(measuring the root hash) and integritytab (measuring the HMAC key if one is
used)
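Review bot: three items are deleted here (moving the discoverable partition spec and boot loader spec to the uapi group, measuring mounted file system UUIDs into PCR 15 with an "x-systemd.measure-pcr=" option, and measuring /etc/machine-id into PCR 15) while the commit message "update TODO" gives no hint whether they were implemented, moved elsewhere or dropped; state that in the commit message, since the retained neighbouring item about tpm2-measure-pcr= for veritytab and integritytab still depends on the same PCR measurement design and a reader will otherwise look for the PCR 15 plan.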
@ -598,12 +626,6 @@ Features:
* building on top of the above, the pub/priv key pair generated on the TPM2
should probably also one you can use to get a remote attestation quote.
* bootctl: add "gc" verb that loads all type #1 .conf files, and then removes
all files from the set of files from the ESP/XBOOTLDR matching the entry
token that are not referenced by any. Then, change kernel-install to use only
this to remove auxiliary files, and never remove them explicitly. Benefit:
resources such as initrds/kernels/dtb can be shared between entries.
* Process credentials in:
• networkd/udevd: add a way to define additional .link, .network, .netdev files
via the credentials logic.
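Review bot: the removed "bootctl: add 'gc' verb" item described making kernel-install rely on garbage collection and "never remove them explicitly" so initrds/kernels/dtb could be shared between entries; the commit message does not say whether that was implemented or abandoned, so record it. Separately, the context line "should probably also one you can use to get a remote attestation quote" is missing "be" ("should probably also be one"); fix it while the hunk is being touched.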
@ -676,7 +698,7 @@ Features:
* sd-event: add ability to "chain" event sources. Specifically, add a call
sd_event_source_chain(x, y), which will automatically enable event source y
in oneshit mode once x is triggered. Use case: in src/core/mount.c implement
in oneshot mode once x is triggered. Use case: in src/core/mount.c implement
the /proc/self/mountinfo rescan on SIGCHLD with this: whenever a SIGCHLD is
seen, trigger the rescan defer event source automatically, and allow it to be
dispatched *before* the SIGCHLD is handled (based on priorities). Benefit:
@ -1091,12 +1113,7 @@ Features:
* whenever we receive fds via SCM_RIGHTS make sure none got dropped due to the
reception limit the kernel silently enforces.
* add an Open= setting to service unit files that can open arbitrary file
* Add service unit setting ConnectStream= which takes IP addresses and connects to them.
system paths at service startup time and pass them to the service process via
our usual socket activation protocol. If passed path refers to AF_UNIX
socket: connect() to it.
* Similar, ConnectStream= which takes IP addresses and connects to them.
* Similar, Load= which takes literal data in text or base64 format, and puts it
into a memfd, and passes that. This enables some fun stuff, such as embedding
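Review bot: collapsing the "Open=" item into "Add service unit setting ConnectStream= which takes IP addresses and connects to them" drops the detail that the resulting fds are handed to the service "via our usual socket activation protocol", and the new line still does not say which process performs the connect() and when during service startup, a gap the old Open= wording shared; spell both out, since the following item "Similar, Load= which takes literal data ... into a memfd, and passes that" now has ConnectStream= as its antecedent and inherits the same unstated hand-over.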