@@ -130,6 +130,21 @@ Deprecations and removals:
130130
131131Features:
132132
133+ * pcrextend: when we fail to measure, reboot the system (at least optionally).
134+ important because certain measurements are supposed to "destroy" tpm object
135+ access.
136+
137+ * pcrextend: after measuring get an immediate quote from the TPM, and validate
138+ it. if it doesn't check out, i.e. the measurement we made doesn't appear in
139+ the PCR then also reboot.
140+
141+ * cryptsetup: add boolean for disabling use of any password/recovery key slots.
142+
143+ * dissect: when mounting a file system, look into certain xattrs on / in them, and
144+ if that exists, check if gpt partition flags + type uuid + uuid match the
145+ data encoded therein, so that attackers cannot make us misuse our file
146+ systems
147+
133148* complete varlink introspection comments:
134149 - io.systemd.BootControl
135150 - io.systemd.Hostname
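Review bot: the dissect entry (the last added item) does not say what happens when the GPT partition flags, type UUID or UUID fail to match the data in the xattr. The two pcrextend entries name reboot as their failure action, so this one should state its own, for example refusing the mount. It also leaves "certain xattrs" unnamed and follows that plural with "if that exists"; naming the attribute(s) would make the item actionable. Separately, the first pcrextend entry says reboot "at least optionally" while the second says "then also reboot" with no qualifier, so it is worth stating whether one setting governs both.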