mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
update TODO
This commit is contained in:
parent
7704c3474d
commit
fd40e7da6e
36
TODO
@ -142,6 +142,24 @@ Features:
* ditto: rewrite bpf-firewall in libbpf/C code
* ditto: rewrite bpf-firewall in libbpf/C code
* credentials: if we ever acquire a secure way to derive cgroup id of socket
peers (i.e. SO_PEERCGROUPID), then extend the "scoped" credential logic to
allow cgroup-scoped (i.e. app or service scoped) credentials. Then, as next
step use this to implement per-app/per-service encrypted directories, where
we set up fscrypt on the StateDirectory= with a randomized key which is
stored as xattr on the directory, encrypted as a credential.
* credentials: optionally include a per-user secret in scoped user-credential
encryption keys. should come from homed in some way, derived from the luks
volume key or fscrypt directory key.
* credentials: add a flag to the scoped credentials that if set require PK
reauthentication when unlocking a secret.
* teach systemd --user to properly load credentials off disk, with
/etc/credstore equivalent and similar. Mkae sure that $CREDENTIALS_DIRECTORY=
actually works too when run with user privs.
* extend the smbios11 logic for passing credentials so that instead of passing
* extend the smbios11 logic for passing credentials so that instead of passing
the credential data literally it can also just reference an AF_VSOCK CID/port
the credential data literally it can also just reference an AF_VSOCK CID/port
to read them from. This way the data doesn't remain in the SMBIOS blob during
to read them from. This way the data doesn't remain in the SMBIOS blob during
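Review bot: typo in the new `systemd --user` item: "Mkae sure that $CREDENTIALS_DIRECTORY=" should read "Make sure that $CREDENTIALS_DIRECTORY=". While touching that block, the fscrypt item could say one word more about the key it introduces: the randomized StateDirectory= key is "stored as xattr on the directory, encrypted as a credential", and the entry should make explicit that the encrypting credential is the cgroup-scoped one described at the start of the same item, so a reader does not take the xattr to be decryptable by every service on the host. The "require PK reauthentication" flag item would also benefit from naming what "PK" stands for here, since the surrounding entries use the term only once.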
@ -169,23 +187,11 @@ Features:
* use udev rule networkd ownership property to take ownership of network
* use udev rule networkd ownership property to take ownership of network
interfaces nspawn creates
interfaces nspawn creates
* support encrypted credentials in user context too. This is complicated by the
fact that the user does not have access to the TPM nor the system
credential. Implementation idea: extend the systemd-creds Varlink interface
to allow this: user must supply some per-user secret, that we'll include in
the encryption key.
* add a kernel cmdline switch (and cred?) for marking a system to be
* add a kernel cmdline switch (and cred?) for marking a system to be
"headless", in which case we never open /dev/console for reading, only for
"headless", in which case we never open /dev/console for reading, only for
writing. This would then mean: systemd-firstboot would process creds but not
writing. This would then mean: systemd-firstboot would process creds but not
ask interactively, getty would not be started and so on.
ask interactively, getty would not be started and so on.
* extend mime database with mime types for:
- journal files
- credential files
- hwdb files
- catalog files
* cryptsetup: new crypttab option to auto-grow a luks device to its backing
* cryptsetup: new crypttab option to auto-grow a luks device to its backing
partition size. new crypttab option to reencrypt a luks device with a new
partition size. new crypttab option to reencrypt a luks device with a new
volume key.
volume key.
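Review bot: this hunk drops two items without the commit message ("update TODO") saying why. Dropping "support encrypted credentials in user context too ... user must supply some per-user secret, that we'll include in the encryption key" is consistent with the new "credentials: optionally include a per-user secret in scoped user-credential encryption keys" entry added earlier in the same file, so a one-line note that it was folded into that entry would make the intent clear. The removal of "extend mime database with mime types for: journal files, credential files, hwdb files, catalog files" has no visible replacement; if it was implemented, the commit message should say so, and if it was merely deprioritized it would be better kept than silently lost, since the credential-file mime type in particular affects how those files are handled by desktop tooling.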
@ -689,10 +695,6 @@ Features:
- If run on every boot, should it use the sysupdate config from the host on
- If run on every boot, should it use the sysupdate config from the host on
subsequent boots?
subsequent boots?
* provide an API (probably IPC) to apps to encrypt/decrypt
credentials. use case: allow bluez bluetooth daemon to pass pairings to initrd
that way, without shelling out to our tools.
* revisit default PCR bindings in cryptenroll and systemd-creds. Currently they
* revisit default PCR bindings in cryptenroll and systemd-creds. Currently they
use PCR 7 which should contain secureboot state db/dbx. Which sounded like a
use PCR 7 which should contain secureboot state db/dbx. Which sounded like a
safe bet, given that it should change only on policy changes, and not
safe bet, given that it should change only on policy changes, and not
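Review bot: the "provide an API (probably IPC) to apps to encrypt/decrypt credentials" item is removed with no pointer to what now covers it. The text removed in the previous hunk refers to "the systemd-creds Varlink interface", which suggests such an API already exists, but that is only implied; the commit message should state that this item is done rather than abandoned. If it is done, the concrete use case given here ("allow bluez bluetooth daemon to pass pairings to initrd that way, without shelling out to our tools") is worth carrying over to wherever that interface is documented, so the motivation for an in-process encrypt/decrypt path is not lost.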
@ -1323,8 +1325,6 @@ Features:
wireguard)
wireguard)
- make gatewayd/remote read key via creds logic
- make gatewayd/remote read key via creds logic
- add sd_notify() command for flushing out creds not needed anymore
- add sd_notify() command for flushing out creds not needed anymore
- make user manager instances create and use a user-specific key (the one in
/var/lib is root-only) and add --user switch to systemd-creds to use it
* TPM2: auto-reenroll in cryptsetup, as fallback for hosed firmware upgrades
* TPM2: auto-reenroll in cryptsetup, as fallback for hosed firmware upgrades
and such
and such
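Review bot: the removed sub-item "make user manager instances create and use a user-specific key (the one in /var/lib is root-only) and add --user switch to systemd-creds to use it" is only partly covered by the new per-user-secret entries added at the top of the file. Those new entries describe where the per-user secret comes from (homed, derived from the luks volume key or fscrypt directory key) but do not mention a --user switch for systemd-creds or the fact that the existing key under /var/lib is root-only, which is the practical reason an unprivileged user cannot use the current tooling. Either keep this sub-item until the --user switch exists or fold that detail into the new "teach systemd --user to properly load credentials off disk" entry, so the root-only-key constraint stays visible.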