mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
update TODO
Seeding RNG via SMBIOS is bad idea, since often measurement of SMBIOS tables is used for TPM policies, under the assumption SMBIOS remains static after a certain point.
This commit is contained in:
parent
c5be1ceb08
commit
d52e1c81b9
5
TODO
5
TODO
@ -187,11 +187,6 @@ Features:
|
||||
* sd-boot: include domain specific hash string in hash function for random seed
|
||||
plus sizes of everything. also include DMI/SMBIOS blob
|
||||
|
||||
* accept a random seed via DMI/SMBIOS vendor string that is credited to the
|
||||
kernel RNG, as cheap alternative to virtio-rng (problem: when credited it
|
||||
must also be invalidated, question is if we can safely do that for SMBIOS
|
||||
data structures)
|
||||
|
||||
* sd-stub: invoke random seed logic the same way as in sd-boot, except if
|
||||
random seed EFI variable is already set. That way, the variable set will be
|
||||
set in all cases: if you just use sd-stub, or just sd-boot, or both.
|
||||
|
Loading…
Reference in New Issue
Block a user