From 84bdf71592be032fa4100fb7b0ed0a9345942ece Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 2 May 2024 18:16:59 +0200 Subject: [PATCH] update TODO --- TODO | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/TODO b/TODO index 5bc8a7c683c..5a422e94db4 100644 --- a/TODO +++ b/TODO @@ -130,6 +130,16 @@ Deprecations and removals: Features: +* cryptenroll/cryptsetup/homed: add unlock mechanism that combines tpm2 and + fido2, as well as tpm2 + ssh-agent, insipred by ChromeOS' logic: encrypt the + volume key with the TPM, with a policy that insists that a nonce is signed by + the fido2 device's key or ssh-agent key. Thus, add unlock/login time the TPM + generates a nonce, which is sent as a challenge to the fido2/ssh-agent, which + returns a signature which is handed to the tpm, which then reveals the volume + key to the PC. + +* cryptenroll/cryptsetup/homed: similar to this, implement TOTP backed by TPM. + * expose the handoff timestamp fully via the D-Bus properties that contain ExecStatus information
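Review bot: the first new TODO item should say how the TPM-side policy is meant to verify the FIDO2 signature over the TPM-generated nonce, since a FIDO2 assertion signs the authenticator data together with a client-data hash rather than the raw challenge, so the mapping between "nonce signed by the fido2 device's key" and what the TPM policy can check is not obvious from the text; the ssh-agent variant is clearer because the agent signs the bytes it is given. Two wording fixes in the same item: "insipred" should read "inspired", and "Thus, add unlock/login time the TPM generates a nonce" should read "Thus, at unlock/login time the TPM generates a nonce". The second item ("implement TOTP backed by TPM") would benefit from one sentence on what the TPM protects (presumably the TOTP secret) so the scope is recorded alongside the first item.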