Import Upstream version 0.9+1474479173.6c180c6upstream/0.9+1474479173.6c180c6

1 files changed, 23 insertions, 0 deletions

diff --git a/TODO b/TODO
new file mode 100644
index 00000000..029b0bf2
--- /dev/null
+++ b/TODO
@@ -0,0 +1,23 @@
+Versioned protocol:
+- Make shim and the bootloaders using it express how enlightened they
+  are to one another, so we can stop earlier without tricks like
+  the one above
+MokListRT signing:
+- For kexec and hybernate to work right, MokListRT probably needs to
+  be an authenticated variable.  It's probable this needs to be done
+  in the kernel boot stub instead, just because it'll need an
+  ephemeral key to be generated, and that means we need some entropy
+  to build up.
+New security protocol:
+- TBD
+kexec MoK Management:
+Modsign enforcement mgmt MoK:
+- This is part of the plan for SecureBoot patches.  Basically these
+  features need to be disableable/enableable in MokManager.
+Variable for debug:
+- basically we need to be able to set a UEFI variable and get debug
+  output.  Right now some code uses SHIM_VERBOSE but that needs a fair
+  amount of work to actually be useful.
+Hashing of option roms:
+- hash option roms and add them to MokListRT
+- probably belongs in MokManager