diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-06-12 23:00:47 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-06-12 23:00:47 +0200 |
| commit | 0f85a0d38f89721be5897c0ecb1a6229240b4949 (patch) | |
| tree | b881fd0974ce7129d258cdd8ade247d44b04d0d9 /TODO | |
| parent | boot: Unify protocol opening (diff) | |
| download | systemd-0f85a0d38f89721be5897c0ecb1a6229240b4949.tar.xz systemd-0f85a0d38f89721be5897c0ecb1a6229240b4949.zip | |
update TODO
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -129,6 +129,15 @@ Deprecations and removals: Features: +* in sd-stub: optionally add support for a new PE section .keyring or so that + contains additional certificates to include in the Mok keyring, extending + what shim might have placed there. why? let's say I use "ukify" to build + + sign my own fedora-based UKIs, and only enroll my personal lennart key via + shim. Then, I want to include the fedora keyring in it, so that kmods work. + But I might not want to enroll the fedora key in shim, because this would + also mean that the key would be in effect whenever I boot an archlinux UKI + built the same way, signed with the same lennart key. + * resolved: take possession of some IPv6 ULA address (let's say fd00:5353:5353:5353:5353:5353:5353:5353), and listen on port 53 on it for the local stubs, so that we can make the stub available via ipv6 too. |