From bbfd2ab18f52600aa41f061b2da9a2afe2a9d6ac Mon Sep 17 00:00:00 2001
From: Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>
Date: Fri, 4 Aug 2017 12:10:50 -0400
Subject: Import Upstream version 0.9+1474479173.6c180c6

---
 TODO | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 TODO

(limited to 'TODO')

diff --git a/TODO b/TODO
new file mode 100644
index 00000000..029b0bf2
--- /dev/null
+++ b/TODO
@@ -0,0 +1,23 @@
+Versioned protocol:
+- Make shim and the bootloaders using it express how enlightened they
+  are to one another, so we can stop earlier without tricks like
+  the one above
+MokListRT signing:
+- For kexec and hybernate to work right, MokListRT probably needs to
+  be an authenticated variable.  It's probable this needs to be done
+  in the kernel boot stub instead, just because it'll need an
+  ephemeral key to be generated, and that means we need some entropy
+  to build up.
+New security protocol:
+- TBD
+kexec MoK Management:
+Modsign enforcement mgmt MoK:
+- This is part of the plan for SecureBoot patches.  Basically these
+  features need to be disableable/enableable in MokManager.
+Variable for debug:
+- basically we need to be able to set a UEFI variable and get debug
+  output.  Right now some code uses SHIM_VERBOSE but that needs a fair
+  amount of work to actually be useful.
+Hashing of option roms:
+- hash option roms and add them to MokListRT
+- probably belongs in MokManager
-- 
cgit v1.2.3